Data governance fails not because the technology is wrong but because the politics of institutional arrangements make real enforcement impossible. Decoupling ex...
IT Governance & Strategy
Strategic alignment, IT governance, data governance, platform governance, and how organizations make technology investment decisions.
Every healthcare IS post I have written is about breach cost. The real story is that the fax machine is still the primary interoperability tool, and structurati...
Organizations are not victims of vendor lock-in. They are participants in a game where both sides know the rules. TCE explains the costs. Resource dependence ex...
Orlikowski and Iacono asked IS to theorize the IT artifact. Agentic AI makes that question unavoidable. The artifact is now an actor.
Cybersecurity spending keeps rising while breach costs keep climbing. Transaction cost economics, externality theory, and moral hazard explain why. IS researche...
Marketing departments spend billions on martech stacks but study none of it through an IS lens. TAM explains adoption, but not why the same Salesforce instance ...
IBM's 2024 report puts the average breach cost at $4.88 million. As an IS researcher, the number I can't stop thinking about is $9.77 million in healthcare, for...
ISC2 reports a 4.76 million person cybersecurity gap while the existing workforce stagnates. For the first time, budget, not talent, is the top barrier.
Gartner says 63% of organizations have started implementing zero trust. Only 10% will have a mature program by 2026. The gap between those two numbers is an IS ...
Security spending hits $213 billion in 2025. Breach costs hit $4.88 million on average. Both numbers go up together, and that should bother us more than it does...
Private 5G networks let enterprises build their own cellular infrastructure inside a factory or warehouse. Most organizations are still figuring out what to do ...
Agency theory explains IT outsourcing and governance through principals, agents, and monitoring. AI rewrites the problem in a way the original framework did not...
Gartner estimates only about 130 of thousands of self-described agentic AI vendors are real. That gap has a name, and it has consequences.
Scaling agile to 500 people across three time zones is a different problem entirely. The frameworks meant to help often just create new bureaucracy.
Organizations use AI to optimize existing processes while calling it transformation. March (1991) would call this pure exploitation, and the exploration gap is ...
Gartner predicts agentic AI will resolve 80% of common customer service issues by 2029. Getting there requires solving problems that have nothing to do with the...
Cohen, March and Olsen showed that solutions search for problems, not the other way around. Most organizations adopted AI exactly that way between 2023 and 2025...
Almost every large organization has run an AI pilot. Very few of those pilots make it to production. That gap is not a data science problem.
Gartner predicts over 40% of agentic AI projects canceled by 2027. The pattern looks a lot like ERP in the 1990s, and the failure mode is the same.
Every major cloud vendor now sells GPU clusters. The hardware is commodity. The capability to use it is not. Here is what Carr and Barney teach us about AI moat...
The accountability gap in algorithmic decision-making is an IS governance problem, not just a legal one. And the EU AI Act is forcing organizations to confront ...
Pfeffer and Salancik said dependence rises when resources are critical and concentrated. AI model providers are the most concentrated critical resource in IS hi...
APIs let companies monetize capabilities rather than products. The strategic logic is platform theory, and the dependency chain it creates is intentional.
Ocasio's attention-based view says firm behavior follows what executives notice, not what they intend. Attention is the scarcest organizational resource.
Buy commodity capabilities, build differentiating ones. The textbook answer is clean. The actual decision is entangled with vendor risk, integration complexity,...
Most people think digital privacy is about data breaches. Leidner and Tona's CARE framework says it is really about whether your dignity can survive digitizatio...
Gartner's April 2026 CEO survey puts 80% of chief executives on record expecting AI to force operational overhauls. McKinsey's data shows only 7% of organizatio...
Rule-based bots were honest about what they couldn't do. LLM-based bots can sound confident while being wrong. That's a more dangerous failure mode.
Gartner's April 2026 forecast shows AI spending nearly doubling to $2.5T in 2026. CIOs are now expected to demonstrate returns on that investment. As an IS rese...
CIOs are expected to drive strategy and innovation. Many still report to the CFO. That gap is not accidental.
Cloud migration is sold as a cost-reduction play. In practice, many organizations end up spending more and quietly moving workloads back.
I had read Orlikowski and Iacono before. Three hours on one page taught me what I had missed about the five views of the IT artifact.
Reading Sarker et al. (2019) for the third time during comps prep, the 56% stat finally hit me: more than half of IS papers do not theorize technology at all.
Contingency theory says the right approach depends on the situation. Applied to IT, this is why best practices keep failing in unexpected places.
Melvin Conway observed in 1967 that organizations produce systems that mirror their communication structures. Once you see it, you cannot unsee it.
A routine config update grounded airlines and froze hospitals. The risk was not the update but the architecture that pushed it everywhere at once.
The global cybersecurity workforce gap reached 4.76 million in 2024, and for the first time, budget, not talent, is the leading cause.
The IBM 2024 average breach cost is $4.88 million. Averages are useful until they aren't. Here's what the distribution actually tells governance researchers.
Data governance fails more often as a political problem than a technical one. Without someone with real authority, no amount of tooling resolves conflicting dat...
The lakehouse architecture combines the cheap storage of data lakes with the transactional guarantees of data warehouses, and the governance challenge is what m...
The data architecture debate between centralized warehouses and data mesh has generated enormous noise. The actual choice depends on your organization, not your...
Building a working artifact is necessary but not sufficient for design science research. The real question is whether your artifact produces generalizable knowl...
Organizations buy CI/CD pipelines and call it DevOps. The DORA research says the differentiating factor is culture, not tooling.
The CIO role has shifted from infrastructure steward to business strategy partner, but most organizations have not figured out what that actually requires.
A project ends when you ship. A product never really finishes. Organizations that still run IT like a project shop while trying to compete in a product-driven m...
Where data is stored and processed has become a geopolitical question, not just a technical one. GDPR, Schrems II, and chip export controls explain why.
The leadership gap in digital transformation is not a technology problem. It is a culture and authority problem that technology cannot fix.
Digital artifacts are both material and semiotic at once. You cannot study the system without studying its social life, and you cannot study the social without ...
Teece, Pisano, and Shuen's dynamic capabilities framework explains why having excellent systems today guarantees nothing about tomorrow.
Edge computing moves computation to where data is generated. The latency gains are real. The governance problem that follows is harder than most enterprise IT t...
TOGAF and Zachman promised to align IT with business strategy. What they often produced instead was documentation that nobody reads and governance that slows ev...
Satoshi's 2008 insight was genuine. What enterprise blockchain often misses is that the insight only matters when the parties don't already trust each other.
After decades of high-profile disasters, large organizations still repeat the same ERP mistakes. The problem is rarely the software.
Flexera 2025 found 84% of organizations struggling to manage cloud spend and budgets overrun by 17%. FinOps stopped being an engineering function when the cloud...
AI investments are growing 35%+ year over year. Boards want ROI. The measurement frameworks for GenAI ROI barely exist yet.
Enterprise AI governance involves at least four distinct problems. Most organizations are still treating them as one.
Geopatriation is not a cloud architecture decision. It is an institutional choice about which logic dominates.
Global IT spending reaches $6.31 trillion in 2026, a 13.5% jump from 2025. AI is the engine. Data centers, software, and security are all growing fast.
Pfeffer and Salancik predicted this. When one supplier controls access to a critical resource, power concentrates. NVIDIA at 80% GPU market share changes everyt...
The Great Resignation hit the IS workforce hard. Organizations discovered how much institutional knowledge had been quietly sitting in people who had just left.
Gartner coined hyperautomation to describe end-to-end automation of any automatable process. Most organizations are still struggling to automate one process wel...
Most technology resistance is not about the technology. When a tool threatens who someone believes they are, rejection is identity-consistent, not irrational.
Gartner found 54% of I&O leaders are adopting AI to cut costs. But AI spending itself is heading to $2.5 trillion in 2026. The math needs to include both sides.
When employees spin up unauthorized cloud accounts and build their own tools, they are being intrapreneurial. The question is whether organizations can harness ...
Digital infrastructure consumes significant electricity. IS researchers studying digital transformation should be asking who measures, reports, and governs the ...
Henderson and Venkatraman published their Strategic Alignment Model in 1993. Three decades later, IT-business alignment still tops CIO concern lists. The proble...
Henderson and Venkatraman published the Strategic Alignment Model in 1993. Alignment remains a top CIO concern today. The problem has not gone away.
The productivity paradox asked why IT spending didn't show up in productivity data. The answer turned out to be about capability, not spending.
Organizations outsource IT, run into problems, bring it back in-house, then outsource again. The cycle is predictable. The reasons it repeats are not mysterious...
Most organizations have more IT projects in flight than they can deliver. Portfolio management theory says say no. Organizational politics make saying no nearly...
Most organizations manage vendor relationships reactively. They notice a contract is about to auto-renew, realize they don't know if they're getting value, and ...
Organizations spend heavily on ITIL and COBIT implementation. The gap between the framework on paper and how IT actually runs can be enormous.
Organizations sometimes adopt technology not because it works but because not adopting it would look bad. Legitimacy theory explains why this is rational.
Most large enterprises are multi-cloud by accident. AWS for one division, Azure because Microsoft was already there, GCP because the data science team wanted it...
No-code platforms lower the floor for simple tasks. They don't raise the ceiling. When the use case gets complex, the citizen developer needs an engineer.
When half of non-US CIOs anticipate vendor changes because of geopolitical factors, cloud procurement has become foreign policy by another name.
Open data initiatives promise neutral access to government information. What gets published, in what format, and how usable it is reflects political choices.
March (1991) called it the competency trap: organizations get so good at what they currently do that they stop investing in what they will need to do next.
March's exploration-exploitation tradeoff applies to IT strategy more directly than almost any other management domain. Bimodal IT was an attempt to solve it. H...
Platform engineering packages infrastructure expertise as a service for product teams, treating developer experience as something that can be built, maintained,...
In multi-sided platforms, the business model is not separate from the architecture. Changing how you make money usually means rebuilding the system that makes m...
Predicting attacks is useless if nobody acts on the warning. PMT explains why organizations stall on preemptive security.
Kahneman and Tversky's prospect theory shows losses feel roughly twice as painful as equivalent gains. This explains technology resistance better than most adop...
Cloud spending hit $723.4 billion in 2025. Flexera says 27% of it is wasted. That is nearly $200 billion in idle compute, over-provisioned storage, and forgotte...
Quantum hardware is real, but enterprise-ready it is not. Here is what the IS field should be watching anyway.
Most IT purchases fail the VRIN test. The interesting question is what IT-related resources actually are hard to imitate.
RPA bots are brittle. Automate a stable, high-volume, rules-based process and you have a useful tool. Automate a bad process and you have automated chaos.
SaaS was supposed to replace unpredictable capital expenditure with clean monthly operating costs. For many organizations a decade in, the math is not working o...
Employees are pasting internal documents into consumer AI tools. The risk profile is different from shadow IT, but the pattern is identical.
Spence (1973) showed that costly observable signals communicate unobservable qualities. Technology choices do this constantly. What you run says something beyon...
When a court ruling in Luxembourg changes where a German hospital can store patient records, cloud architecture is no longer a purely technical decision.
Sovereign cloud IaaS hits $80 billion in 2026 with 35.6% growth. What Gartner is forecasting is not a compliance checkbox trend. It is governments rewriting the...
COVID-19 didn't break supply chains. It revealed how much fragility had been building for decades. The digital response is real, but the problems aren't primari...
Ward Cunningham coined technical debt in 1992. Non-tech organizations accumulate it just as fast as tech companies, and manage it far less deliberately.
Enterprise knowledge systems capture what can be written down and miss everything else. Argyris, Nonaka, and Cohen tell us why.
56% of IS papers study the social side without theorizing technology at all. The field's identity crisis is not rhetorical. The numbers show it is real.
Verizon's 2024 DBIR found a 68% increase in third-party breaches. The structural problem is that you can harden your own systems but not your vendors' systems, ...
Gartner's bimodal IT concept is appealing in theory. The execution is where things get complicated, and expensive, and politically strange.
Upper echelons theory says executives interpret strategy through the lens of their experience. In IS, that means the CIO's background shapes what gets built and...
A 2021 executive order mandated zero trust for US federal agencies by fiscal year 2024. Gartner predicts 75% will fail. The gap is not technical.
Enterprise vendors don't accidentally create lock-in. They engineer it. Understanding this changes how you evaluate software contracts.
Gartner projects one million vulnerabilities annually by 2030. Patching cannot scale. The only move is to reconfigure how the firm approaches software risk.
A digital object is more than code on a server. Faulkner and Runde show that bit strings occupy social positions with rights and responsibilities, and that chan...
The Standish Group has tracked IT project outcomes for decades. The numbers have barely moved. This is a structural problem, not a competence problem.
When AI generates unverified data at scale, the assumption that data is trustworthy by default becomes the most dangerous assumption in your architecture.
Gartner predicts 50% of organizations will adopt zero-trust data governance by 2028. The driver is a problem AI has created: we cannot tell where data came from...
63% of organizations have implemented zero trust. Most cover half their environment. Most mitigate a quarter of their risk. The gap between claim and reality is...