Monthly Archives: March 2025

Cloud’s Accelerated Evolution: Lessons from Telecom’s Century of Change

Telecom’s Transformation: Lessons for Cloud Providers

In 1984, AT&T was the undisputed titan of American business—a monopolistic giant controlling communication infrastructure so vital that it was deemed too essential to fail. Its operational expertise in managing the world’s most complex network was unmatched, its infrastructure an impenetrable competitive moat, and its market position seemingly unassailable.

Four decades later, telecom companies have been substantially transformed. Their networks, while still valuable assets, no longer command the premium they once did. The 2024 Salt Typhoon cyberattacks revealed vulnerabilities in these once-impregnable systems—targeting nine major US telecom providers and compromising systems so thoroughly that the FBI directed citizens toward encrypted messaging platforms instead of traditional communication channels.

This transformation contains critical lessons for today’s cloud providers.

Telecom’s journey followed a predictable path:

Innovation to Infrastructure: Pioneering breakthroughs like the telephone transformed into sprawling physical networks that became impossible for competitors to replicate.
Operational Excellence as Moat: By mid-century, telecom giants weren’t just valued for their copper wire—their ability to operate complex networks at scale became their true competitive advantage.
Standardization and Erosion: Over decades, standardization (TCP/IP protocols) and regulatory action (AT&T’s breakup) gradually eroded these advantages, turning proprietary knowledge into common practice.
Value Migration: As physical networks became standardized, value shifted to software and services running atop them. Companies like Skype and WhatsApp captured value without owning a single mile of cable.
Security Crisis: Commoditization led to chronic underinvestment, culminating in the catastrophic Salt Typhoon vulnerabilities that finally shattered the public’s trust in legacy providers.

Cloud providers are accelerating through similar phases, though with important distinctions that may alter their trajectory.

Cloud’s Compressed Evolution: 7x Faster Than Telecom

The cloud industry is experiencing its innovation-to-commoditization cycle at hyperspeed. What took telecom a century is unfolding for cloud in approximately 15 years—a roughly 7-fold acceleration—though the endgame may differ significantly.

Consider the timeline compression:

What took long-distance calling nearly 50 years to transform from premium service to essentially free, cloud storage accomplished in less than a decade—with prices dropping over 90%.
Features that once justified premium pricing (load balancing, auto-scaling, managed databases) rapidly became table stakes across all providers.
APIs and interfaces that were once proprietary differentiators are now essentially standardized, with customers demanding cross-cloud compatibility.

This accelerated commoditization has forced cloud providers to rely heavily on their two enduring advantages:

Massive Infrastructure Scale: The capital-intensive nature of global data center networks
Operational Excellence: The specialized expertise required to run complex, global systems reliably

The first advantage remains formidable—the sheer scale of hyperscalers’ infrastructure represents a massive barrier to entry that will endure. The second, however, faces new challenges.

The Evolving Moat: How AI is Transforming Operational Expertise

Cloud providers’ most valuable operational asset has been the expertise required to run complex, distributed systems at scale. This knowledge has been nearly impossible to replicate, requiring years of specialized experience managing intricate environments.

AI is now systematically transforming this landscape:

AI-Powered Operations Platforms: New tools are encapsulating advanced operational knowledge, enabling teams to implement practices once reserved for elite cloud operations groups.
Cross-Cloud Management Systems: Standardized tools and AI assistance are making it possible for organizations to achieve operational excellence across multiple cloud providers simultaneously—an important shift in vendor dynamics.
Democratized Security Controls: Advanced security practices once requiring specialized knowledge are now embedded in automated tools, making sophisticated protection more widely accessible.

AI is transforming operational expertise in cloud computing. It isn’t eliminating the value of human expertise but rather changing who can possess it and how it’s applied. Tasks that once took years for human operators to master can now be implemented more consistently by AI systems. However, these systems have important limitations that still require human experts to address. While AI reduces the need for certain routine skills, it amplifies the importance of human experts in strategic oversight, ensuring that AI is used effectively and ethically.

The New Infrastructure Reality: Beyond Provider Lock-In

The fundamental value of cloud infrastructure isn’t diminishing—in fact, with AI workloads demanding unprecedented compute resources, the physical footprint of major providers becomes even more valuable. What’s changing is the level of provider-specific expertise required to leverage that infrastructure effectively.

The Multi-Cloud Opportunity

AI-powered operations are making multi-cloud strategies increasingly practical:

Workload Portability: Organizations can move applications between clouds with reduced friction
Best-of-Breed Selection: Companies can choose optimal providers for specific workloads
Cost Optimization: Customers can leverage price competition between providers more effectively
Risk Mitigation: Businesses can reduce dependency on any single provider

This doesn’t mean companies will abandon major cloud providers. Rather, they’ll be more selective about where different workloads run and more willing to distribute them across providers when advantageous. The infrastructure remains essential—what changes is the degree of lock-in.

The New Challenges: Emerging Demands on Cloud Operations

As operational advantages evolve, cloud providers face several converging forces that will fundamentally reshape traditional models. These emerging challenges extend beyond conventional scaling issues, creating qualitative shifts in how cloud infrastructure must be designed, managed, and secured.

The Vibe Coding Revolution

“Vibe coding” transforms development by enabling developers to describe problems in natural language and have AI generate the underlying code. This democratizes software creation while introducing different infrastructure demands:

Applications become more dynamic and experimental, requiring more flexible resources
Development velocity accelerates dramatically, challenging traditional operational models
Debugging shifts from code-focused to prompt-focused paradigms

As newer generations of developers increasingly rely on LLMs, critical security challenges emerge around software integrity and trust. The abstraction between developer intent and implementation creates potential blind spots, requiring governance models that balance accessibility with security.

Meanwhile, agentic AI reshapes application deployment through autonomous task orchestration. These agents integrate disparate services and challenge traditional SaaS models as business logic migrates into AI. Together, these trends accelerate cloud adoption while creating challenges for conventional operational practices.

The IoT and Robotics Acceleration

The Internet of Things is creating unprecedented complexity with over 30 billion connected devices projected by 2026. This expansion fragments the operational model, requiring seamless management across central cloud and thousands of edge locations. The boundary between edge and cloud creates new security challenges that benefit from AI-assisted operations.

Robotics extends this complexity further as systems with physical agency:

Exhibit emergent behaviors that weren’t explicitly programmed
Create operational challenges where physical and digital domains converge
Introduce security implications that extend beyond data protection to physical safety
Require real-time processing with strict latency guarantees that traditional cloud models struggle to address

The fleet management of thousands of semi-autonomous systems requires entirely new operational paradigms that bridge physical and digital domains.

The AI Compute Demand

AI training and inference are reshaping infrastructure requirements in ways that differ fundamentally from traditional workloads. Large language model training requires unprecedented compute capacity, while inference workloads demand high availability with specific performance characteristics. The specialized hardware requirements create new operational complexities as organizations balance:

Resource allocation between training and inference
Specialized accelerators with different performance characteristics
Cost optimization as AI budgets expand across organizations
Dynamic scaling to accommodate unpredictable workload patterns

These represent fundamentally different resource consumption patterns that cloud architectures must adapt to support—not simply larger versions of existing workloads.

The Security Imperative

As systems grow more complex, security approaches must evolve beyond traditional models. The attack surface has expanded beyond what manual security operations can effectively defend, while AI-powered attacks require equally sophisticated defensive capabilities. New security challenges include:

Vibe-coded applications where developers may not fully understand the generated code’s security implications
Robotics systems with physical agency creating safety concerns beyond data protection
Emergent behaviors in AI-powered systems requiring dynamic security approaches
Compliance requirements across jurisdictions demanding consistent enforcement at scale

Current cloud operations—even with elite human teams—cannot scale to these demands. The gap between operational requirements and human capabilities points toward AI-augmented security as the only viable path forward.

The Changing Competitive Landscape: A 5-10 Year Horizon

Over the next 5-10 years, these technological shifts will create significant changes in the cloud marketplace. While the timing and magnitude of these changes may vary, clear patterns are emerging that will reshape competitive dynamics, pricing models, and value creation across the industry.

Value Migration to Orchestration and Agentic Layers

Just as telecom saw value shift from physical networks to OTT services, cloud is experiencing value migration toward higher layers of abstraction. Value is increasingly found in:

Multi-cloud management platforms that abstract away provider differences
AI-powered operations tools that reduce the expertise barrier
Specialized services optimized for specific workloads or regulatory regimes
AI development platforms that facilitate vibe coding approaches
Agentic AI systems that can autonomously orchestrate tasks across multiple services
Hybrid SaaS/AI solutions that combine traditional business logic with intelligent automation

This doesn’t eliminate infrastructure’s value but alters competitive dynamics and potentially compresses margins for undifferentiated services. As Chuck Whitten noted regarding agentic AI’s impact on SaaS: “Transitions lead not to extinction but to transformation, adaptation, and coexistence.”

Increased Price Sensitivity for Commodity Services

As switching costs decrease through standardization and AI-powered operations, market dynamics shift significantly. We’re seeing:

Basic compute, storage, and networking becoming more price-sensitive
Value-added services facing more direct competition across providers
Specialized capabilities maintaining premium pricing while commoditized services face margin pressure

This creates a strategic landscape where providers must carefully balance commoditized offerings with differentiated services that address specific performance, security, or compliance requirements.

The Rise of Specialized Clouds

The market is evolving toward specialization rather than one-size-fits-all solutions. Three key categories are emerging:

Industry-specific clouds optimized for particular regulatory requirements in healthcare, finance, and government
Performance-optimized environments for specific workload types like AI, HPC, and real-time analytics
Sovereignty-focused offerings addressing geopolitical concerns around data governance and control

These specialized environments maintain premium pricing even as general-purpose computing becomes commoditized, creating opportunities for focused strategies that align with specific customer needs.

Salt Typhoon as a Cautionary Tale

The telecom industry’s commoditization journey reached a critical inflection point with the 2024-2025 Salt Typhoon cyberattacks. These sophisticated breaches targeted nine major US telecommunications companies, including giants like Verizon, AT&T, and T-Mobile, compromising sensitive systems and exposing metadata for over a million users. This crisis revealed how commoditization had led to chronic underinvestment in security innovation and resilience.

The aftermath was unprecedented: the FBI directed citizens toward encrypted messaging platforms as alternatives to traditional telecommunication—effectively steering users away from legacy infrastructure toward newer, more secure platforms. This government-endorsed abandonment of core telecom services represented the ultimate consequence of commoditization. Just as commoditization eroded telecom’s security resilience, cloud providers risk a similar fate if they grow complacent in an increasingly standardized market.

While cloud providers currently prioritize security more than telecom historically did, the Salt Typhoon incident illustrates the dangers of underinvestment in a commoditizing field. With innovation cycles compressed roughly 7-fold compared to telecom—meaning cloud technologies evolve at a pace telecom took decades to achieve—they have even less time to adapt before facing similar existential challenges. As AI agents and orchestration platforms abstract cloud-specific expertise—much like telecom’s reliance on standardized systems—security vulnerabilities could emerge, mirroring the weaknesses Salt Typhoon exploited.

Stakeholder Implications

The accelerating commoditization of cloud services transforms the roles and relationships of all stakeholders in the ecosystem. Understanding these implications is essential for strategic planning.

For Operations Teams

The shift from hands-on execution to strategic oversight represents a fundamental change in skill requirements. Engineers who once manually configured infrastructure will increasingly direct AI systems that handle implementation details. This evolution mirrors how telecom network engineers transitioned from hardware specialists to network architects as physical infrastructure became abstracted.

Success in this new paradigm requires developing expertise in:

AI oversight and governance
Cross-cloud policy management
Strategic technology planning
Risk assessment and mitigation

Rather than platform-specific implementation knowledge, the premium skills become those focused on business outcomes, security posture, and strategic optimization.

For Customers & End Users

The democratization of operational expertise through AI fundamentally transforms the customer’s role in the cloud ecosystem. Just as telecom users evolved from passive consumers of fixed telephone lines to active managers of their communication tools, cloud customers are transitioning from consumers of provider expertise to directors of AI-powered operations.

Enterprise teams no longer need specialized knowledge for each platform, as AI agents abstract away complexity. Decision-making shifts from “which cloud provider has the best expertise?” to “which orchestration layer best manages our multi-cloud AI operations?” This democratization dramatically reduces technical barriers to cloud migration and multi-cloud strategies, accelerating adoption while increasing provider switching frequency.

For Security Posture

The Salt Typhoon breach offers a sobering lesson about prioritizing efficiency over security innovation. The democratization of operational expertise through AI creates a paradox: security becomes both more challenging to maintain and more essential as a differentiator.

Organizations that can augment AI-driven security with human expertise in threat hunting and response will maintain an edge in an increasingly commoditized landscape. Without this focus, cloud providers risk becoming the next victims of a Salt Typhoon-scale breach that could potentially result in similar government recommendations to abandon their services for more secure alternatives.

For the Industry as a Whole

The drastic compression of innovation cycles means even foundational assets—massive infrastructure and deep operational expertise—face unprecedented pressure. Cloud providers must simultaneously integrate new AI capabilities while preserving their core strengths.

The rapid emergence of third-party orchestration layers is creating a new competitive battleground above individual clouds. This mirrors how over-the-top services disrupted telecom’s business model. Cloud providers that fail to adapt to this new reality risk following the path of telecom giants that were reduced to “dumb pipes” as value moved up the stack.

The Strategic Imperative: Evolution, Not Extinction

Cloud providers face a significant strategic challenge, but not extinction. The way forward requires evolution rather than entrenchment, with four key imperatives that can guide successful adaptation to this changing landscape. These strategies recognize that cloud’s value proposition is evolving rather than disappearing.

Embrace AI-Enhanced Operations

Providers that proactively integrate AI into their operational models gain significant advantages by:

Delivering higher reliability and security at scale
Reducing customer operational friction through intelligent automation
Focusing human expertise on high-value problems rather than routine tasks
Creating self-service experiences that democratize capabilities while maintaining differentiation

The competitive advantage comes not from simply adopting AI tools, but from reimagining operations with intelligence embedded throughout the stack—transforming how services are delivered, monitored, and optimized.

Lead the Multi-Cloud Transition

Rather than resisting multi-cloud adoption, forward-thinking providers are positioning themselves to lead this transition by:

Creating their own cross-cloud management capabilities
Optimizing for specific workloads where they excel
Developing migration paths that make them the preferred destination for critical workloads
Building partnership ecosystems that enhance their position in multi-cloud environments

The goal is becoming the strategic foundation within a multi-cloud strategy, rather than fighting against the inevitable trend toward workload distribution and portability.

Invest in Infrastructure Differentiation

Physical infrastructure remains a durable advantage when strategically positioned. Differentiation opportunities include:

Specialization for emerging workloads like AI
Optimization for performance characteristics that matter to key customer segments
Strategic positioning to address sovereignty and compliance requirements
Energy efficiency design in an increasingly carbon-conscious market
Architecture to support real-time processing demands of robotics and autonomous systems
Ultra-low latency capabilities for mission-critical applications

Infrastructure isn’t becoming irrelevant—it’s becoming more specialized, with different characteristics valued by different customer segments.

Develop Ecosystem Stickiness

Beyond technical lock-in, providers can build lasting relationships through ecosystem investments:

Developer communities that foster innovation and knowledge sharing
Education and certification programs that develop expertise
Partner networks that create business value beyond technical capabilities
Industry-specific solutions that address complete business problems

This ecosystem approach recognizes that relationships and knowledge investments often create stronger bonds than technical dependencies alone, leading to more sustainable competitive advantages over time.

The Path Forward: Three Strategic Options

Cloud providers have three strategic options to avoid the telecom commoditization trap as I see it right now:

Vertical integration into industry-specific solutions that combine infrastructure, expertise, and deep industry knowledge in ways difficult to commoditize. This approach focuses on value creation through specialized understanding of regulated industries like healthcare, finance, and government.
Specialization in emerging complexity areas where operational challenges remain high and AI assistance is still developing. These include domains like quantum computing, advanced AI training infrastructure, and specialized hardware acceleration that resist commoditization through continuous innovation.
Embracing the orchestration layer by shifting focus from infrastructure to becoming the universal fabric that connects and secures all computing environments. Rather than fighting the abstraction trend, this strategy positions providers at the center of the multi-cloud ecosystem.

Conclusion

Cloud providers face a clear choice, continue investing solely in operational excellence that is gradually being democratized by AI, or evolve their value proposition to emphasize their enduring advantages while embracing the changing operational landscape.

For cloud customers, the message is equally clear: while infrastructure remains critical, the flexibility to leverage multiple providers through AI-powered operations creates new strategic options. Organizations that build intelligence-enhanced operational capabilities now will gain unprecedented flexibility while potentially reducing costs and improving reliability.

The pattern differs meaningfully from telecom. While telecommunications became true commodities with minimal differentiation, cloud infrastructure maintains significant differentiation potential through performance characteristics, geographic distribution, specialized capabilities, and ecosystem value. The challenge for providers is to emphasize these differences while adapting to a world where operational expertise becomes more widely distributed through AI.

The time to embrace this transition isn’t in some distant future—it’s now. Over the next 5-10 years, the providers who recognize these shifts early and adapt their strategies accordingly will maintain leadership positions, while those who resist may find their advantages gradually eroding as customers gain more options through AI-enhanced operations.

The evolution toward AI-enhanced operations isn’t just another technology trend—it’s a significant shift in how cloud value is created and captured. The providers who understand this transformation will be best positioned to thrive in the next phase of cloud’s rapid evolution.

Understanding Enterprise Security Buyer Dynamics

The Buyer Hierarchy

The first key concept to understand is the buyer hierarchy in enterprise security.

Figure 1: The Buyer Hierarchy

This pyramid structure represents who typically makes purchasing decisions at different price points:

At the base of the pyramid are Security and IT Managers. These individuals make most purchase decisions, particularly for:

Standard solutions with established budget lines
Renewals of existing products
Smaller ticket items
Solutions addressing immediate operational needs

Moving up the pyramid, we find Security and IT Directors who typically approve:

Larger deals requiring more significant investment
Cross-team solutions
Products requiring department-wide adoption
Solutions addressing department-level strategic initiatives

At the top sits the CISO (Chief Information Security Officer), who rarely gets involved in individual purchase decisions except for:

Large deals with significant impact
Strategic initiatives affecting the entire security program
Unbudgeted items requiring special allocation
Emerging technology requiring executive sponsorship

The Champion vs. Buyer Dynamic

In security sales, it’s crucial to distinguish between two key players:

The Champion: This person is chartered to solve the problem. They’re typically your main point of contact and technical evaluator – often a security engineer, DevOps lead, or IT admin. They’ll advocate for your solution but rarely control the budget.

The Buyer: This is the person who owns the budget. Depending on the size of the deal, this could be a manager, director, or in some cases, the CISO. They make the final purchasing decision.

Understanding this dynamic is critical. Too many sales efforts fail because they convinced the champion but never engaged the actual buyer.

The Budget Factor

Another critical dimension is whether your solution is:

Pre-budgeted: Already planned and allocated in the current fiscal year
Unbudgeted: Requires new budget allocation or reallocation from other initiatives

Figure 2: Budgetary Timing Diagram

This distinction dramatically impacts who needs to approve the purchase. Unbudgeted items almost always require higher-level approval – typically at the CISO level for any significant expenditure, as they have the authority to reallocate funds or tap into contingency budgets.

The Cross-Organizational Challenge

A critical dimension often overlooked in enterprise security sales is cross-organizational dynamics.

When security purchases span multiple departments (e.g., budget from Compliance, implementation by Engineering), the buyer hierarchy becomes more complex. Moving funds between departmental budgets often requires executive approval above the standard buyer level.

Different departments operate with separate success metrics, priorities, and approval chains. What solves one team’s problems may create work for another with no benefit to their goals. These cross-organizational deals typically extend sales cycles by 30-50%.

For vendors navigating these scenarios, success depends on mapping all stakeholders across departments, creating targeted value propositions for each group, and sometimes elevating deals to executives who can resolve cross-departmental conflicts.

The Cost of Sale Framework

As solutions become more enterprise-focused, the cost of sale increases dramatically.

Figure 3: Cost of Sale Diagram

This framework illustrates a critical principle: The cost of sale must be aligned with the buyer level.

For solutions with a higher cost of sale (requiring more sales personnel time, longer sales cycles, more supporting resources), vendors must sell higher in the organization to ensure deal sizes justify these costs.

Key components affecting cost of sale include:

Sales personnel salary
Number of accounts per sales rep
Sales cycle length
Supporting resources required

This explains why enterprise security vendors selling complex solutions must target the CISO budget – it’s the only way to recoup their significant cost of sale.

Relationship Dynamics and Timing Considerations

While understanding the buyer hierarchy is essential, most successful enterprise security deals don’t happen solely through identifying the right level in an organization.

Figure 4: Cost of Sale Diagram

Two critical factors often determine success:

Relationship Development: Successful sales rarely happen in a transactional manner. They require:
- Building trust through consistent value delivery before the sale
- Understanding the internal politics and relationships between champions and buyers
- Developing multiple organizational touchpoints beyond just the champion
- Recognizing the personal career motivations of both champions and buyers
Timing Alignment: Even perfect solutions fail when timing is wrong:
- Budget cycle alignment is critical – engage 3-6 months before annual planning
- Crisis or incident response periods can accelerate purchases or freeze them
- Organizational changes (new leadership, restructuring) create both opportunities and risks
- Regulatory deadlines often drive urgent security investments

The most effective security vendors don’t just target the right level in the hierarchy – they strategically time their engagements and invest in relationship development that transcends organizational charts.

Practical Application

For security vendors, this framework provides practical guidance:

Know your buyer level: Based on your solution’s price point and complexity, identify your primary buyer persona (Manager, Director, or CISO)
Target champions appropriately: Ensure your technical messaging resonates with the people who will evaluate and champion your solution
Align marketing to both: Create distinct messaging for champions (technical value) and buyers (business value)
Understand the budget cycle: Time your sales efforts to align with budget planning for better success with larger deals
Match sales approach to cost structure: Ensure your go-to-market approach and resources match your cost of sale

By aligning your sales and marketing efforts with these buyer dynamics, you’ll significantly improve your efficiency and close rates in the enterprise security market.

To explore building broader adoption for security solutions before the sale, see Educating the Champion, the Buyer, and the Market

TPMs, TEEs, and Everything In Between: What You Actually Need to Know

2 Replies

Ever been in a meeting where someone drops terms like “TEE,” “TPM,” or “FIPS-certified” and everyone nods along, pretending they understand? Yeah, me too.

Last night I saw JP Aumasson tweet something that hit home:

“Some discussions would be so much easier if people knew the definitions of ‘TEE’, ‘TPM’, ‘Secure element’, ‘Secure enclave’, ‘HSM’, ‘Trusted computing’, ‘FIPS(140-2/3)-certified’, ‘Common criteria’, ‘security target’, etc. Plus now the marketing-oriented term ‘confidential computing’ is used to mean a variety of things with varying security properties.”

He’s right – the security tech space is a mess of overlapping terms, marketing buzzwords, and genuine technical concepts. So I threw together a guide to sort this stuff out.

What’s Actually Different Between These Things?

At their core, these technologies do three things:

Minimize what code you need to trust (the TCB)
Create isolation between different parts of a system
Establish trust across different machines

A TPM is not the same as a TEE. Intel SGX is not identical to AMD SEV. And no, slapping “FIPS-certified” on your product doesn’t automatically make it secure.

The Real-World Impact

When your vendor says they use “Confidential Computing,” do you know what that actually means for your data? Could be anything from “your data is encrypted in memory” to “we’ve got a fancy marketing term for standard virtualization.”

The differences matter. A secure element in your phone has around 10-50KB of trusted code. A standard Linux kernel? About 27.8 MILLION lines. One of these is much easier to secure than the other.

When Things Break

Even the most certified security tech fails. Hardware Security Modules (HSMs) with FIPS 140-2 certification—supposedly the gold standard for cryptographic security—have been compromised by design flaws. Look at the 2015 Safenet HSM vulnerability where API flaws in the PKCS#11 interface allowed full key extraction. Attackers with authenticated access could exploit weak key derivation mechanisms to extract the very keys the HSM was designed to protect.

Bottom line: No security technology is perfect. Each has its place, limitations, and potential failure modes.

I’ve put together a full technical deep-dive on this topic: From TPMs to TEEs: How Security Technologies Work—and Where They Fail.

As Winston Churchill observed, “He who fails to plan is planning to fail.” Understanding what’s under the hood of these technologies isn’t just academic—it’s essential for building systems that can actually withstand the threats they’ll face.

Operational Evolution Revisited: How AI-Native Systems Will Revolutionize Infrastructure

The Journey of Operational Evolution

From the hands-on Sysops era of the 1960s-80s when operators physically managed as as little as few to 10s of servers each, to the System Administration period of the 1990s when centralized tools expanded reach to hundreds of systems, technology operations have continuously transformed. DevOps emerged in the mid-2000s, leveraging Infrastructure as Code to manage thousands of systems, followed by SRE practices in the 2010s with error budgets and self-healing systems handling tens of thousands of containers. Looking ahead to 2025, AI-Driven Operations promises autonomous management of millions of components.

Each transition has been driven by necessity – not choice – as technology’s relentless complexity has overwhelmed previous operational models.

The Machine Concept Has Transformed

What’s particularly interesting is how we use the word “machine” has changed dramatically. In the early days, machines were physical servers with stable operating systems and predictable maintenance schedules. Today, with serverless computing, the very concept of a server has become fluid – functions materialize only when triggered, often lasting mere seconds before vanishing.

This ephemeral nature of modern computing creates unprecedented coordination challenges that exceed manual and even moderate automation approaches to management.

The Limits of Current Approaches

Even advanced DevOps and SRE practices are struggling with the scale and complexity of today’s systems. Many vendors have responded by adding AI or ML features to their products, but these “bolt-on” enhancements only provide incremental benefits – analyzing logs, detecting anomalies, or generating suggestions for known issues.

What’s needed is a more fundamental reimagining of operations, similar to how cloud-native architectures transformed infrastructure beyond simple virtualization.

AI-Native: A New Operational Paradigm

An AI-native platform isn’t just software that applies ML algorithms to operational data. It’s a new foundation where intelligence is deeply integrated into orchestration, observability, security, and compliance layers.

In these systems:

Instrumentation is dynamic and context-aware
Security is adaptive, learning normal communication patterns and immediately flagging and in even some cases quarantining anomalous processes
Compliance shifts from periodic audits to continuous enforcement

The timeline above illustrates how each operational era has enabled engineers to manage exponentially more systems as complexity has grown.

This diagram shows the widening gap between human management capacity and system complexity, which AI-native operations will ultimatley address.

The Human Role Transforms, Not Disappears

Rather than eliminating jobs, AI-native operations redefine how engineers spend their time. As a result, we will ultimately see the concept “force multiplier engineers” who will build advanced AI-driven frameworks that amplify the productivity of all other developers.

Freed from repetitive tasks like scaling, patching, and log parsing, these professionals can focus on innovation, architecture, and strategic risk management.

The Inevitable Shift

This transition isn’t optional but inevitable. As systems become more fragmented, ephemeral, and globally distributed, conventional approaches simply can’t keep pace with the complexity.

Those who embrace AI-native operations early will gain significant advantages in reliability, security, cost-efficiency, and talent utilization. Those who hesitate risk being overwhelmed by complexity that grows faster than their capacity to manage it.

What do you think about the future of AI in operations? Are you seeing early signs of this transition in your organization? Let me know in the comments!

Here is a whitepaper on this topic I threw together: Operational Evolution Revisited: How AI-Native Systems Will Revolutionize Infrastructure