rssitbuyer

GRC Software as the IT Intelligence Fabric for Buyers

Philip D. Harris, CISSP, CCSK — Wed, 13 May 2026 04:00:00 GMT

This IDC Perspective discusses how the GRC market is reaching an inflection point for technology buyers. Traditional platforms still handle policies, controls, evidence, exceptions, and risk registers, but buyers now need more: a live view of assets, data, services, models, and third parties, including ownership, criticality, control coverage, and business consequence. The market signal is clear that static inventories and periodic evidence exercises are no longer enough. Capabilities such as continuous control monitoring, CMDB enrichment, data mapping, classification, and AI-assisted analysis already exist across adjacent platforms, but they remain fragmented across separate tools and teams. The strategic opportunity is to move beyond disconnected control towers and adopt a trusted intelligence fabric that unifies context across assets, services, identities, data, controls, and risks. Done well, this fabric becomes a shared utility that enriches SOC triage, exposure prioritization, change management, IAM, data governance, AI governance, business continuity, audit, and leadership reporting. For buyers, the key question is no longer which platform collects the most data, but which can reconcile partial truths, infer missing context, republish trusted insights into operational tools, and reduce manual reconciliation across the enterprise.

"GRC's future is not better record keeping; it is becoming the trusted intelligence fabric that turns fragmented enterprise signals into shared, decision-grade operational context." — Phil Harris, research director, Governance, Risk and Compliance Solutions, IDC

IDC PeerScape: Practices for Quantum Computing Governance

David Weldon, Heather West, PhD — Wed, 13 May 2026 04:00:00 GMT

This IDC PeerScape explores how some forward-thinking organizations are preparing for this shift. They are developing quantum governance strategies that build on existing data and risk management practices.

"The development of quantum computing will certainly bring significant benefits in terms of analytics and speed of compute capabilities," says David Weldon, adjunct research advisor for IDC's IT Executive Programs (IEP). "But smart organizations are also taking steps now to develop quantum governance practices that will protect data in this new environment."

"The risk is two-pronged. Sensitive data needs protection now against 'harvest now, decrypt later' attacks, and the process of migrating critical infrastructure to post-quantum cryptographic standards is complex and must begin now in order to be prepared for future quantum systems," says Heather West, PhD, senior research manager and research lead, Global Quantum Computing Research, IDC.

Tech Buyer Survey Spotlight: Are Utilities Around the World Finally Getting Their Data House in Order?

Gaia Gallotti — Wed, 13 May 2026 04:00:00 GMT

This IDC Tech Buyer Survey Spotlight examines a portion of IDC's 2026 Energy & Utilities Industry-Specific Tech and Innovation Survey, a landmark study covering utilities around the world. It was run between February and March 2026.

The survey covered 800 respondents, of whom 531 are utilities respondents from the following countries: Australia, Brazil, Canada, Denmark, Finland, France, Germany, India, Italy, Saudi Arabia, Mexico, the Netherlands, New Zealand, Nigeria, Norway, the Philippines, Poland, Portugal, South Africa, Spain, Sweden, Türkiye, the UAE, the U.K., and the U.S.

This study extrapolates and analyzes select data for 531 utilities around the world.

This IDC Tech Buyer Survey Spotlight examines where utility organizations stand today on the journey to IT architecture modernization — and what the race to adopt AI, generative AI, and agentic AI means for the urgency of getting their data estates in order.

Tech Buyer Survey Spotlight: Where Do Energy Retailers and Water Suppliers Stand on the Path to IT Architecture Modernization?

Gaia Gallotti — Wed, 13 May 2026 04:00:00 GMT

This study extrapolates and analyzes select data for 169 energy retailers and suppliers and 91 water suppliers.

This IDC Tech Buyer Survey Spotlight examines where organizations stand today on their journey to IT architecture modernization — and what the race to adopt AI, generative AI, and agentic AI means for the urgency of getting their data estates in order.

Exposure-Informed Continuous Compliance Framework for Buyers

Philip D. Harris, CISSP, CCSK, Michelle Abraham — Tue, 12 May 2026 04:00:00 GMT

This IDC Perspective discusses exposure-informed continuous compliance framework. Cybersecurity compliance is shifting from periodic, siloed audit activity to continuous, integrated assurance. Continuous compliance, vulnerability management, attack surface management, and exposure management are converging as organizations seek real-time visibility, defensible evidence, and faster remediation across increasingly complex regulatory, operational, and technology environments. The exposure-informed continuous compliance methodology responds by making the business-relevant exposure, not the isolated finding, the core unit of management. It connects exposures to assets, controls, obligations, owners, remediation, and machine-readable evidence, enabling risk-based prioritization, reusable proof, and continuous validation of control effectiveness. The exposure-informed continuous compliance reference model operationalizes this approach through integrated data, decision, workflow, evidence, and reporting layers. Together, these layers turn compliance into a live, exposure-aware process that supports audit readiness, regulatory alignment, and measurable cyber-risk reduction.

“Future cybersecurity compliance will depend on exposure-informed continuous compliance,” says Philip Harris, research director, Governance, Risk, and Compliance Solutions at IDC. “This is where vulnerabilities, attack surface issues, exposures, control compliance issues, and evidence are managed as one continuously validated system rather than as disconnected tools, audits, and reporting streams.”

“The exposure-informed continuous compliance framework is becoming necessary for increased cybersecurity resilience for organizations,” says Michelle Abraham, senior director, Research Cybersecurity Research at IDC. “This is primarily because organizations must move beyond proving controls exist to continuously proving they work, are owned, reduce meaningful exposure, and generate reusable evidence across regulatory obligations.”

IBM Think 2026: An AI Operating Model Takes Shape Across Agents, Security, and the Platform

Jim Mercer — Tue, 12 May 2026 04:00:00 GMT

IBM's Think 2026 conference, held on May 5 in Boston, delivered a cohesive set of announcements to support AI adoption across the enterprise. The company organized its announcements around an AI Operating Model, built on four interdependent pillars: agents, data, automation, and hybrid. The announcements from the event were intended to address the gap IBM has identified between AI investment and AI ROI, a challenge that IDC research confirms is pervasive across enterprise organizations. The announcements from IBM Think promoted a shift from an AI experimentation mentality to leveraging AI to rethink business processes, making it a competitive differentiator rather than treating it as just a technology.

IREN Acquires Mirantis — Pairing AI Capacity with an Open, Portable, and AI Deployment Platform

Gary Chen, Matthew Flug — Tue, 12 May 2026 04:00:00 GMT

IREN has announced an agreement to acquire Mirantis, combining IREN's datacenter capacity and GPU footprint with Mirantis' infrastructure software, deployment services, and open source expertise. Notably, IREN intends to allow Mirantis to continue operating independently, ensuring the company can maintain its commitment to building open standards for the broader industry. The transaction reflects a broader consolidation of capacity, platform, runtime, deployment, and management layers in AI infrastructure as buyers move toward integrated "AI Factory" platforms.

Atlassian Team '26: Teamwork Graph Emerges as an Organizational Context Layer for Agentic Development

Adam Resnick — Mon, 11 May 2026 04:00:00 GMT

Atlassian's Team '26 announcements reflect a coherent strategic argument that expanding the organizational context available to developers and agents can unlock productivity gains that model improvements alone are unlikely to deliver. The opening of the Teamwork Graph via TWG CLI and Rovo MCP Server, combined with Rovo Studio reaching general availability and Agents in Jira going GA, moves that argument from architectural vision to live product capabilities. The competitive field is active, as Cursor, GitHub Copilot, and ServiceNow each push their own context layers into developer workflows via MCP and related integrations. Atlassian's differentiation is its starting position inside the development life cycle, where Jira and Confluence already hold much of the planning, decision, and coordination history that agentic SDLC work depends on. Data quality, governance, and the economics of AI consumption remain the variables that will determine how quickly enterprises capture the value Atlassian is describing.

Broadcom Announces VMware Cloud Foundation 9.1, Demonstrating Continued Investment in the VCF Platform

Adam Reeves — Mon, 11 May 2026 04:00:00 GMT

On May 5, 2026, Broadcom announced VMware Cloud Foundation (VCF) 9.1, spanning infrastructure efficiency, application delivery, and cyber-resilience with a specific focus on private AI workloads. The release converts a set of forward-looking commitments made at VMware Explore 2025 into delivered capabilities and demonstrates Broadcom's continued investment in the VCF platform.

CIO Peer Perspective — IT Market Outlook and Leadership in Uncertain Times

Teodora Snoddy, Rick Villars — Mon, 11 May 2026 04:00:00 GMT

This IDC Perspective discusses the CIO peer perspective on IT market outlook and leadership in uncertain times. This year, economic consequences from policy decisions are materializing, and geopolitical consequences are unfolding amid tension from unpredictable world leaders. C-suite executives are leaning on their CIO and technology teams to navigate uncertainty, using technology to enable strategic decision-making and sustain operational resilience.

To assess the impact and what comes next, we brought together IDC's latest data with insights from Chief Analyst Rick Villars, alongside our CIO Research Advisory board, to examine the implications for IT organizations.

"Much of the CEO's success this year will be driven by the CIO's ability to execute. Amid geopolitical, economic, and technological disruption, CIOs must continue to lead AI beyond experimentation to drive measurable business impact while continuously managing resilient operations. " — Teodora Snoddy, research manager, IDC