2025 may be the Year of the Agent, but the major cloud vendors started laying the groundwork as early as 2024. One way to see this trend is through three product categories.
From CLIs in the terminal, to async coding in the cloud, to agent-first IDEs: all of it arrived within a single year.
Agents that code, agents off the shelf, platforms to build your own agents. Together, they show how deeply cloud vendors are investing in the agent ecosystem. Then in the first half of this year, Microsoft and AWS each turned agent governance itself into a product: AWS rounded out AgentCore with a full set of governance services (Policy, Evaluations, Registry), and Microsoft consolidated its tools into a single product, Agent 365. The time has come for enterprises to put agent governance frameworks in place.
💡 Here is the interesting part. Put the two governance offerings side by side: one is a unified control plane (Agent 365), the other a set of composable services (AgentCore). Their architectures are fundamentally different, yet the governance controls are strikingly similar. When competitors converge on the same list, it stops being marketing and becomes the baseline requirement for agent governance.
For now, these six dimensions mainly govern the scope of what the agent does. The agent’s autonomy still rests on just two control points: a Human-in-the-Loop (HITL) gate before execution, and evaluation after execution.
One final reminder: deploying a platform is not the same as establishing governance. On AWS, governance services are largely opt-in and must be explicitly enabled and integrated. On Microsoft’s side, agents built through developer SDKs may bypass administrative controls altogether.
Once the tooling is in place, the real question for your architecture review is no longer “Do we have governance controls?” but rather “Are they actually wired together?”
Agent platforms will continue to evolve, but the fundamentals of agent governance are already becoming clear. The time to prepare is now. 🚀
Is your organization already running agents? Which of these six dimensions are you least confident about?
]]>The files exist. No one knows where they are.
This is a scenario familiar to many small businesses and organizations: decades of operational data, reports, and policies — all saved, yet scattered across infinite “clones.” A LINE chat from two years ago, an email attachment someone forwarded, a personal folder full of “v3,” “revised,” and “final-FINAL” versions. No one can say with confidence which one is the Source of Truth.
Unwritten rules and special use cases exist only in the heads of employees. When they leave, that information doesn’t get handed over — it just disappears.
🤖 Why now? Gemini, Copilot, and a growing suite of AI collaboration tools are ready to help organizations retrieve knowledge faster, but they have one non-negotiable prerequisite: the data must be defined, available, and structured.
A well-designed information architecture isn’t just about tidying up files; it’s the foundational infrastructure that makes AI actually work. For resource-constrained organizations, this challenge is harder than it looks. Large enterprises can absorb technical debt; a thirty-person nonprofit cannot. When your “IT department” is a finance manager wearing three hats, every architectural decision becomes a constraint that will outlive the consultant who recommended it.
The design constraint: Whatever you build must be able to run without you.
A clean information architecture isn’t just good housekeeping; it’s the infrastructure for the AI era. Let the architecture carry the organization forward — not the people.
Is yours ready?
]]>During a field visit, I noticed something interesting: across projects of the same nature, the same work was owned by entirely different roles in different teams.
This signals a breakdown on two levels. On the governance side: the same roles carry no consistent R&R across the organization. On the management side: managers have never been held accountable for their people’s output.
No standards. No one asking why. Driving transformation on this foundation is like building without a foundation.
Ineffective management isn’t just a small-business problem. A former senior manager who spent years at a well-established multinational shared this observation after leaving: the real issue wasn’t AI or market shifts — it was that the organization had quietly lost the ability to manage.
Headcount had become a proxy for power, accountability had diffused across too many layers, and no one was truly responsible for outcomes. The dysfunction looked different from the outside, but the root cause was the same.
Transformation doesn’t stall because the tools are wrong. It stalls because real management has never existed.
Effective management is like holding a stick: wherever your hand points, the stick points. Force applied at the top transmits faithfully all the way to the bottom. Ineffective management is like holding a rope: the direction your hand points doesn’t reach the rope, and the force dissipates somewhere in the middle — no matter how hard you push, the other end never feels it. A stick transmits force. A rope absorbs it. The difference is whether management actually exists.
Some companies rush to catch the AI wave — hiring AI roles, bringing in AI consultants. But their processes are fragmented and their data has never been properly collected or organized. Data is the fuel of AI. Without that foundation, everything else is just spinning in place. The logic of management is exactly the same.
This points to what transformation consultants are actually here to do: help organizations see clearly whether they’re holding a stick or a rope, and articulate what that means for their transformation journey. But turning the rope into a stick — that’s the organization’s own responsibility.
Before a system collapses, it usually just quietly turns from a stick into a rope. Call it transformation if you want — but it still comes down to management.
]]>We’ve all seen it: a new initiative is launched, and the immediate pushback is, “I’m already swamped; I don’t have time for this.” This reaction isn’t just about a lack of proactivity; more often, it simply reflects that the current workflows are not the most efficient.
Beyond poor workload distribution, many employees are stuck in a cycle of “inefficient busyness” — spending massive amounts of energy on low-value tasks (the Parkinson’s Law of Triviality). When their capacity is already stretched thin by inefficiency, even a small “extra” task feels like a breaking point.
Vision and mission statements aren’t always enough to move the needle at the grassroots level. To break the deadlock, we need tactical management actions:
1️⃣ Redefine R&R and Realign Value: Ask the hard questions. “Is my value found in manually copy-pasting Excel data, or in generating actionable insights from that data?”
2️⃣ Create the Motivation to act: Motivation requires both a “pull” (incentives) and a “push” (a sense of urgency or crisis).
3️⃣ Equip the team to succeed: Using a modern AI analogy: once the brain (mindset) is ready, it still needs the right tools and skills to reach the goal.
In many cases, employee resistance is not driven by unwillingness, but by a lack of capability. When people don’t feel equipped to succeed, hesitation is a rational response.
The Bottom Line: Organizational transformation is a psychological game, not a tech race. Only when employees realize that change is designed to help them work smarter, not harder, will a true cultural shift begin. 🚀
]]>With cloud solutions widely adopted by enterprises of all sizes, this incident is a great indication that information security knowledge is essential for all corporate ITs.
The tricky part of this incident: even though the data is public online, if there’s no access to the data, it’s hard to be detected with monitoring systems.
Here’s my takeaway from this incident: