惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
The Register - Security
The Register - Security
月光博客
月光博客
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The GitHub Blog
The GitHub Blog
博客园 - 司徒正美
罗磊的独立博客
U
Unit 42
S
SegmentFault 最新的问题
Y
Y Combinator Blog
博客园_首页
Hugging Face - Blog
Hugging Face - Blog
J
Java Code Geeks
Schneier on Security
Schneier on Security
Know Your Adversary
Know Your Adversary
C
Check Point Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Simon Willison's Weblog
Simon Willison's Weblog
V
Vulnerabilities – Threatpost
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
阮一峰的网络日志
阮一峰的网络日志
The Hacker News
The Hacker News
博客园 - 叶小钗
C
Cybersecurity and Infrastructure Security Agency CISA
Spread Privacy
Spread Privacy
L
LINUX DO - 热门话题
T
The Exploit Database - CXSecurity.com
P
Palo Alto Networks Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Latest news
Latest news
L
Lohrmann on Cybersecurity
A
About on SuperTechFans
L
LangChain Blog
Stack Overflow Blog
Stack Overflow Blog
S
Securelist
A
Arctic Wolf
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Threatpost
Scott Helme
Scott Helme
博客园 - 聂微东
博客园 - 【当耐特】
T
Tenable Blog
I
Intezer
D
DataBreaches.Net
B
Blog RSS Feed
Security Latest
Security Latest
C
Cisco Blogs
T
Tor Project blog
N
Netflix TechBlog - Medium

WhatIs

Strategic IT outlook: Tech conferences and events calendar | TechTarget 8 AI use cases in manufacturing Enterprises are making an AI native transformation Zero trust in the IT ops stack: Securing hybrid workloads How algorithmic value sets enhance clinical decision-making Top methods for collecting customer feedback Build a data governance team that delivers results How to calculate the total cost of ownership of ERP software Communities call for transparency in AI data center deals Scalable IT infrastructure: Balancing speed with stability How health systems are tackling 'Kill the Clipboard' obstacles Understanding the science behind AI-based hiring assessments Tape's strategic role in modern data protection How to choose an HR software system in 2026: A complete guide The UC stack gets the policy job Top zero-trust use cases in the enterprise 13 top IT infrastructure conferences in 2026 SNMP vs. CMIP: What's the difference? 3 essential network analytics use cases AI Security Risks Force CIOs to Rethink Strategy Red Hat Summit 2026 news and conference guide | TechTarget What is HR technology (human resources tech)? Understand, optimize and track customer journey touchpoints Should IT use Apple Business Manager without MDM? Build and organize an effective machine learning team The storage modernization imperative in a fast-changing IT landscape Procurement automation use cases for CSCOs to consider 3 steps for health system leaders to drive patient safety culture What is DevOps? Meaning, methodology and guide Enterprises Face New Storage Bottlenecks as AI Grows A guide to Intune Suite licensing for endpoint management Epic controls 42% of the US EHR market. Does that help or hurt interoperability? SAP Sapphire 2026 news, trends and analysis | TechTarget How to develop a data governance strategy: 7 key steps 12 generative AI tools for marketing and sales teams Top 9 smart contract platforms to consider in 2026 Top 8 e-signature software providers for 2026 Rise with SAP vs. S/4HANA Cloud: What are the differences? How businesses use KPIs to measure AI's performance 5 clues your network has shadow AI How do digital signatures work? Collaboration security and governance must be proactive Compare SAP greenfield vs. brownfield approach for S/4HANA Merck, Home Depot tap Gemini Enterprise for AI agent development Rural challenges may dampen digital healthcare's potential Build an ethical AI framework: 12 top resources The great workload reshuffle: Choices for AI and analytics How to remove a device from Intune enrollment Cisco unveils quantum network advancements 3 BYOD security risks and how to prevent them 10 of the top carbon accounting software 8 trends powering machine learning's dynamic new roles Network engineers must take the lead to push DDI to the cloud How does Microsoft 365 Copilot pricing and licensing work? ONC highlights behavioral health EHR adoption trends, data exchange barriers LLMs struggle with clinical reasoning, study finds Democratizing AI in business: The good, bad and ugly What can organizations do to address BYOD privacy concerns? Fix the service path before you optimize it with AI How AI reshapes upselling in customer experience platforms When collaboration starts becoming operational drag Balancing health AI management with growing vendor sprawl Career cure for AI phobia: Be a beekeeper, not a worker bee 16 top applicant tracking systems for 2026 How a rural community hospital deploys AI to detect heart disease 8 examples of document version control Guide to 30+ sustainability certifications for professionals AI agents are only as smart as the data that feeds them AI could earn trust in transactional work first How to fix keyboard connection issues on a remote desktop How to add and enroll devices to Microsoft Intune 11 DevSecOps best practices to prioritize in 2026 6 key components of a successful data strategy How to enable Copilot in Microsoft 365: A step-by-step guide What CIOs need to know about Meta's proposed CEO AI agent Top AI recruiting tools and software of 2026 How contact centers detect and prevent fraud 10 essential skills for modern contact center agents Beyond the chatbot: Engineering the agentic enterprise AI in business intelligence: How to manage it effectively Why legacy networks are a growing liability Failure is an option as an IT leadership tool How HR can create a successful change management strategy HR AI is becoming a change management story Digital transformation: Balancing speed and governance RSAC 2026 Conference: Key news and industry analysis | TechTarget 8 best practices for a bulletproof IAM strategy 5 customer journey phases businesses should understand 12 top HR software and tool options to consider in 2025 6 contact center trends shaping the future of customer service Contact center monitoring best practices for CX leaders Cloud vs. local backup: Which is right for your organization? 6 steps for when remote desktop credentials are not working How governance maturity affects M&A integration outcomes Inside the push to turn AI agents into suite functionality How should contact centers use AI today? Accenture global health lead on scaling AI in healthcare with governance and intent 10 best free DevOps certifications and training courses in 2026 What is compensation management? What CIOs must know about bossware strategy
6 ownership gaps that make software governance harder | TechTarget
James Alan Miller · 2026-06-26 · via WhatIs

Most enterprises can point to someone who owns part of the software estate. IT runs the platform. Procurement manages the contract. Security handles access. Business leaders care about the outcome. Data teams worry about quality. Vendors keep shipping updates.

That sounds like coverage. Often, it is really a set of partial owners working around the same system from different angles.

This matters because modern software governance is no longer only about deciding who can buy, deploy or administer a system. It is about who owns the rules, data, workflows, costs, exceptions, access, AI features and vendor-led changes once the system is already part of the business.

That is where governance gets harder.

The problem is not always that no one owns the software. More often, several groups own pieces of it, and the gaps between those groups become the risk.

A workflow breaks, and IT sees a configuration issue, while the business sees a process issue. A contract renews, and procurement sees a vendor discussion, while finance sees a budget problem, and business teams see a useful feature they do not want to lose. A security rule blocks access, and managers see a productivity issue. A data-quality problem shows up in a report, but no one can agree on whether the source system, the integration, the business process or the downstream analytics team owns the fix.

That is why enterprise software governance needs more than broad accountability. It needs clearer ownership at the places where decisions actually get made.

Governance is not just about who owns the application; it is also about who owns what the application does to the business.

Here are six ownership gaps that make software governance harder.

1. Business rules have no post-launch owner

Business rules often get a lot of attention during implementation. They are mapped, debated, configured, tested and signed off. Then the system goes live, the project team moves on, and the rules become part of the operating environment.

That is where the ownership question can get blurry: Who owns the approval threshold six months later? Who decides whether an exception path still makes sense? Who changes the routing rule when the business reorganizes? Who reviews whether the system is enforcing an old policy that no longer fits the work?

Those questions matter because business rules do not stay neutral. They shape what employees can do, which work moves forward, which exceptions get flagged and which decisions require review.

A rule can be technically correct and still wrong for the business moment. That is especially true when software spans ERP, HR, CX, collaboration and end-user computing environments. A rule that begins in one system can affect another: An employee status change can affect access. A customer service rule can affect billing. A procurement rule can affect supplier risk. A workflow rule can affect reporting. Governance breaks down when those rules are treated as configurations rather than as operating decisions.

That does not mean every setting needs a committee; it means the company needs someone who can say whether the rule still matches how the business is supposed to work. IT can change the setting, but the business has to own the meaning behind it. Without that owner, an old rule can keep doing exactly what it was configured to do, even after the operating model has moved on.

2. IT owns the platform but not the business outcome

IT often becomes the default owner of enterprise software because IT deploys, integrates, secures and supports the platform. That makes sense up to a point. But IT cannot be the only owner of whether the software changes the business outcome it was bought to improve. A CRM system can be available and still fail to improve customer follow-up. An HR system can be stable and still frustrate managers. An ERP workflow can process transactions and still leave finance reconciling data outside the system. A UC platform can support meetings, chat and recordings while still adding more noise than clarity.

Those are not only technical failures; they are also outcome failures.

This is where software change stalls. The platform might be live, but the organization has not finished changing around it. IT can keep the system running, but business leaders, managers, HR, finance, operations and other stakeholders still have to decide whether the work actually improved.

That split matters because governance can become too platform-centered. It asks whether the system is secure, stable and supported. Those questions are essential, but they are not enough.

Governance also has to ask whether the system is still serving the business purpose that justified the investment. That requires a different kind of ownership. Someone has to keep asking whether workflows still make sense, whether users have stopped relying on workarounds, whether reports are trusted, whether handoffs improved and whether the business outcome is visible enough to defend.

If the answer is no, the governance problem is not only in IT; it is also in the handoff between the platform and the work.

3. Procurement owns the contract but not usage drift

Procurement can negotiate the deal, but it cannot govern every way the software is used after the deal is signed.

That has always been true, but AI, usage-based pricing, bundled features and SaaS renewals make the gap more visible.

A vendor might add features inside an existing suite. A business team might expand usage because the tool is helpful. A department might turn on AI capabilities that were included in a package. A low-cost add-on might become part of a critical workflow. A renewal might arrive before anyone has measured whether the feature changed the work enough to justify the cost.

That is how subscription sprawl becomes a governance problem, not just a purchasing problem.

Procurement might own the commercial process. Finance might own the budget. IT might administer the platform. Business teams might drive usage. Security might worry about exposure. Legal might review the terms. The vendor might keep changing packaging, entitlements and product direction.

That is a lot of partial ownership for one software decision.

The risk is not only overspending; it is also losing the ability to connect spend to value.

This is why AI feature spend has become such a useful example. The question is not only what the AI feature costs but also who knows whether the feature is enabled, which teams use it, what work it changed, what risks it created and whether the company should renew, expand, renegotiate or shut it down.

That same logic applies beyond AI. Usage can drift after any software purchase. A tool bought for one team can spread. A module can become embedded in a workflow. A bundled capability can become hard to separate from the rest of the suite. A vendor roadmap can pull the enterprise into a feature set it did not originally plan to manage.

Procurement can help force clarity at renewal. But governance has to start before renewal. Someone has to own the running record of usage, value, risk and business dependency while the contract is still active.

Enterprise AI governance framework showing the controls and organizational layers needed to manage AI, data, risk and enterprise decision-making
Software governance increasingly depends on more than policy. As AI, automation and cross-platform workflows spread, enterprises need clearer ownership for data, access, risk, oversight and outcomes.

4. Security owns access but not every context decision

Security owns a critical part of software governance. It controls access, identity, permissions, authentication, policies and risk boundaries. Without that foundation, enterprise software gets dangerous quickly.

But access is not the whole governance question anymore. Increasingly, the harder issue is what the system knows about the moment in which access is being used.

Seeing a record is one thing. Acting on it is another. A user, manager or AI agent might have legitimate access and still be in the wrong workflow, using incomplete context or acting before another team has finished its part of the process.

Security can decide who gets in. The broader governance question is what the organization allows to happen after access is granted.

That distinction is becoming more important as AI agents, copilots, workflow automation and embedded analytics become part of normal software. Access controls matter, but they do not always answer questions about timing, purpose, data meaning, workflow state or business consequence.

This is why AI agents need boring rules to do useful work. A guardrail is not useful if no one owns the business meaning behind it. A rule can limit access, but someone still has to decide which context matters before the system acts.

Consider the everyday cases. A CRM record can be available while compliance has a hold open somewhere else. An employee transfer can be approved but not complete across HR, identity and payroll systems. A supplier can be acceptable for one category and restricted for another. A case can look ready to close even though billing or legal still has work to finish. Security belongs in those decisions. But it cannot carry all of them by itself.

Governance has to connect security controls to business context. That is where ethical AI governance becomes practical rather than abstract. Otherwise, the enterprise can mistake access for permission and permission for judgment.

5. Data teams own quality but not every downstream use

Data teams are often asked to own data quality. That is understandable. They are closer to data definitions, lineage, governance models, master data, integration patterns and reporting issues than many other groups. But data teams do not own every decision that uses the data.

That is where the gap opens. A data team might define a field. A business team might interpret it. A workflow might depend on it. A report might elevate it. An AI tool might summarize it. A finance team might use it for planning. A customer team might use it to decide who gets contacted, escalated or retained.

If the data is wrong, incomplete or stripped of context, the problem might show up far away from the system that created it. That makes governance more complicated.

This is where data and AI governance have to meet. Data quality is not only about clean records; it is also about whether the organization understands how those records are used downstream.

That is why ERP data becomes AI's next control problem. ERP data might be the system-of-record foundation, but once it moves into analytics, AI tools, workflows, agents, data platforms and business dashboards, the governance question changes. The issue is no longer only whether the data is protected; it is whether the data still carries the business meaning that made it trustworthy in the first place.

A customer status, supplier rating, employee role, product code or financial classification can mean different things in different systems. A data team can help define that meaning. But the business still has to own how that meaning affects decisions.

That is the ownership gap. Data governance can create the structure, but business owners need to be accountable for the decisions that rely on the data. Otherwise, the enterprise might clean the data without governing what the data does.

6. Vendors shape the roadmap, but the enterprise owns the risk

Enterprise software vendors now shape more of the operating environment than many companies like to admit. That is not a criticism. It is the reality of SaaS, cloud platforms, embedded AI, automatic updates, product bundles and vendor-led roadmaps.

A vendor might decide which features arrive next. It might change pricing. It might add AI capabilities. It might deprecate older functionality. It might shift development toward cloud-first products. It might change integration options, reporting tools, data controls, workflow features or the way third-party AI integrations connect to enterprise systems.

Those decisions can be rational from the vendor's point of view. They still create governance work for the enterprise, and they make CIO risk management part of the software ownership discussion.

That is the part buyers sometimes underplay. Outsourcing infrastructure or using cloud software does not outsource accountability. The vendor might run the platform, but the enterprise still owns the business risk created by the way the platform is used.

You can see the same issue in collaboration environments. A meeting platform is no longer just a place to talk. It can hold chat history, recordings, transcripts, summaries, retention rules and workflow signals. That gives the tool a policy role the business may not have planned for.

The same pattern shows up in ERP, HR, CX, analytics and end-user computing. Once software starts carrying more business context, vendor changes become governance changes, too.

A vendor roadmap can make a useful feature easier to adopt. It can also introduce new policy questions before the enterprise has decided who owns them: Who decides whether to enable the feature? Who reviews the data implications? Who explains the change to users? Who updates training? Who handles exceptions? Who watches for cost or risk drift? Who decides whether the vendor's direction still fits the company's operating model?

Those are enterprise questions. The vendor might shape the product, but the enterprise owns the consequences. Software governance needs owners at the seams.

Software governance does not fail only because nobody is responsible; it often fails in the handoffs that seemed covered on paper. A rule starts as a system setting, then turns into a fight over policy. A platform is up and running, but no one can say whether the work improved. Procurement negotiated the contract, but usage keeps spreading in ways the budget did not anticipate. Security approved access, but the real question is what someone is allowed to do with it. Data is clean enough in one place and confusing once it shapes a report, workflow or AI output. The vendor ships a change, and suddenly the company has a new risk to manage.

That is where ownership has to be clearer.

Not everything needs a new governance board. Not every decision needs another approval layer. The point is not to make software governance heavier, but to make it more honest about where decisions actually happen.

The practical test is simple: When something changes after launch, the organization should know where the decision goes. A business rule needs an owner. So does the outcome the platform was meant to improve. Usage needs attention before renewal. Context needs an owner after access is granted. Data needs someone accountable for how it is used downstream. Vendor-driven change needs someone watching the enterprise risk it creates.

Those are the seams where software governance actually gets messy. They also matter more as enterprise software becomes more embedded, automated and vendor-driven. AI agents make that easier to see, but they are not the only reason it matters. The same issue appears whenever software starts doing more work across more systems, with more rules and more data underneath the surface.

Governance is not just about who owns the application; it is also about who owns what the application does to the business. And if that ownership is not clear, the software might keep working while governance quietly falls apart.

James Alan Miller is a veteran technology editor and writer who leads Informa TechTarget's Enterprise Software group. He oversees coverage of ERP & Supply Chain, HR Software, Customer Experience, Communications & Collaboration and End-User Computing topics.