Posts

Showing posts from November, 2025

💾 Protecting the Brains and Watching the Behavior: Lifecycle Management for AI Agents

In our previous post, we established that AI agents are a new class of dynamic identity, secured by short-lived credentials like JWTs. But the challenge doesn't end with provisioning. The true test of an enterprise-grade AI deployment lies in Agent Lifecycle Management (ALM): how you back up an agent's "mind," manage its dynamic credentials, and continuously monitor its behavior for drift or malice. This requires shifting the focus from static configuration backups to identity resilience and behavioral integrity.

1. Backing Up the Agent: Resilience, Not Just Data

An AI agent's identity is intrinsically linked to its operational context and unique capabilities. Backing up an agent means capturing the components that make it act the way it does. The key is to manage these components under version control and immutable storage for the ultimate purpose: Agent Rewind—the ability to undo unwanted, autonomous actions without system-wide disruption. Agent Compone...

🤖 The New Identity Paradigm: AI Agents vs. Humans and Machines

In the digital world, identity is the fundamental key to access, accountability, and security. Historically, this concept has been limited to human users and machine accounts. However, the rise of powerful, autonomous AI agents is forcing a critical evolution, introducing a third, more complex flavor of identity that we must learn to manage.

In recent weeks I've had some long discussions about this problem and it makes for a great blog series, so be on the lookout for additional blogs on this topic.

The Traditional Digital Identity Landscape

Understanding the new challenge begins with distinguishing the two traditional identity types:

| Feature | Human Identity | Machine/Non-Human Identity (NHI) |
| --- | --- | --- |
| User Type | Individual person (employee, customer) | Software, device, workload (API key, service account, IoT device) |
| Authentication | Passwords, Multi-Factor Authentication (MFA), Single Sign-On (SSO) | Static keys/secrets, certificates, managed identities |
| Behavior | Episodic, follows busi... | |

The ResOps Roadmap: Practical Steps to Build Your Resilience Operations Function

Our previous post argued that in a world of increasing systemic risk, Resilience Operations (ResOps) is not a luxury but a strategic necessity. We established that traditional DR/BCP is too system-focused, and modern "Ops" silos lack the enterprise-wide mandate to handle multi-faceted, "severe but plausible" crises. The critical question remains: How do we practically transition from siloed recovery planning to a holistic ResOps discipline? The shift requires more than just new technology; it demands a clear framework, defined roles, and a cultural change that views resilience as a continuous engineering endeavor, not a yearly compliance exercise.

The ResOps Framework: Four Essential Stages

A successful ResOps function operates in a continuous loop, ensuring that the organization constantly learns and adapts to maintain service delivery under stress. This process can be broken down into four foundational stages:

1. Identify & Map: Defining the Critical Core

The...

Workday's Bold Move: Unlocking Enterprise AI While Putting EU Data Sovereignty First

The global conversation around data sovereignty and digital trust has never been louder, especially in the European Union (EU). For enterprises—particularly those in highly regulated industries—the challenge of adopting cutting-edge technologies like AI without compromising strict EU data requirements has created a major roadblock. Workday is stepping up to directly address this challenge with the announcement of the Workday EU Sovereign Cloud. This strategic move isn't just about ticking a compliance box; it's a foundational commitment to building trust and enabling EU-based organizations to innovate confidently. If you want a more in-depth version, you can read it over on my blog, Data Custodian.

Why Workday Is "Doing Things Right" for Data Sovereignty

Workday's approach goes beyond simply storing data in the EU. It establishes a multi-layered sovereignty posture that addresses compliance from the infrastructure up to the personnel level.

1. Full...

Is Now the Time for Resilience Operations (ResOps) Teams?

In the ever-accelerating world of technology and business, new "Ops" cultures seem to emerge with increasing regularity. From the foundational shift of DevOps to the specialized focus of MLOps and FinOps, these movements aim to bring efficiency, collaboration, and specific expertise to complex operational challenges. But there's a growing whisper, turning into a roar, about the need for something more fundamental: Resilience Operations (ResOps). Is it just another buzzword, or is it the critical next step in ensuring our organizations can truly withstand the shocks of a turbulent world? I'd argue it's not only time but long overdue.

A Brief History of "Ops" Evolution

To understand why ResOps is emerging now, it's helpful to look back at its predecessors and peers:

1. DevOps: Breaking Down Walls (circa 2007-2009)

DevOps was a revolutionary movement born from the friction between Development (Dev) and Operations (Ops) teams. Developers wanted to pu...

Stop Dodging Audits: The "Trust Dividend" is Your New Sales Edge 💰

We've spent enough time talking about data sovereignty as a challenge—a complex, expensive hurdle created by GDPR, GAIA-X, and national quirks. It's time to flip the script. In a global market flooded with data breaches and geopolitical uncertainty, the ability to promise verifiable data control is no longer just about compliance; it's a premium feature. For both US and European companies, a strong sovereignty posture is the biggest competitive differentiator you have. This is the power of the "Trust Dividend"—the direct return on investment earned when you transform a compliance cost into a strategic, client-facing advantage.

Communicating Control: Winning the Skeptical Client

European customers, especially those in highly regulated industries like finance, healthcare, and government, aren't just checking a box for compliance; they're looking for a partner they can stake their entire business on. Skepticism is the default setting, so your job is to shift th...