Reflections on 2025: Building Resilience for the Year Ahead

As 2025 draws to a close, I find myself reflecting not just on the projects we’ve delivered, but on the shifting landscape of technology leadership. It has been a year defined by consolidation and the maturing of technologies that were once considered emerging. For CIOs and CTOs, the conversation has moved beyond simply adopting new tools to a more nuanced focus on resilience, data sovereignty, and the pragmatic application of AI.

Looking back, we saw organisations grappling with the reality of hybrid environments. The "cloud-first" mantra has evolved into "cloud-smart," where the placement of workloads is dictated by latency, cost, and security rather than ideology. In Western Australia specifically, the arrival of Azure Extended Zones was a significant milestone, allowing us to tackle latency issues that have historically plagued our region.

However, the year wasn't without its challenges. The end of Windows 10 support looms large, and many organisations spent 2025 auditing fleets and realising the scale of the hardware refresh required. We also saw an intensification of the cybersecurity landscape, necessitating a shift from perimeter-based defence to rigorous Zero Trust architectures.

As we look toward 2026, the role of technology leadership is becoming increasingly complex. We are no longer just the custodians of infrastructure; we are the architects of business continuity and strategic agility. Based on the conversations I’ve had with leaders across the industry this year, here is where I believe our focus needs to be for the next twelve months.

The Imperative of Zero Trust and Identity

If 2025 taught us anything, it is that implicit trust is a vulnerability we can no longer afford. The traditional network perimeter has dissolved. With third-party vendors, remote workers, and contractors accessing our systems from diverse locations, identity has become the new firewall.

In 2026, implementing robust Privileged Access Management (PAM) and Vendor Privileged Access Management (VPAM) will be non-negotiable. We must move beyond broad VPN access for vendors and toward granular, time-bound permissions. The principle of least privilege ensures that if a credential is compromised, the blast radius is contained. This isn't just a security control; it is a fundamental operational standard.

Optimising Hybrid Infrastructure

The hybrid model is here to stay, but it requires optimisation. We need to stop treating cloud and on-premises as separate entities and start managing them as a unified ecosystem.

For the year ahead, I see a strong focus on "right-sizing" infrastructure. This means evaluating where workloads truly belong—whether that’s on a dedicated host for compliance, in a public cloud for scalability, or at the edge for performance. Tools that offer observability across these environments will be critical. We cannot manage what we cannot measure, and disjointed monitoring tools are a barrier to operational efficiency.

Preparing for the Windows 10 Sunset

With the October 2025 deadline for Windows 10 support well behind us now(!), 2026 will be the year of execution for migration strategies. The compatibility gap for Windows 11 is real, and the supply chain for new hardware remains constrained.

Leaders who haven't yet finalised their migration plans need to act immediately. This transition is an opportunity to explore alternatives. For some use cases, shifting to a secure, Linux-based operating system for VDI endpoints or leveraging Cloud PCs may offer a more sustainable and cost-effective path than a like-for-like hardware replacement.

The Evolution of Digital Sovereignty

Data sovereignty is no longer just a compliance checkbox; it is a strategic asset. Mergers and acquisitions in the cybersecurity space have highlighted the risks of relying on single vendors or partners who may not have local autonomy.

In 2026, we must scrutinise our digital supply chains. Where does our data reside? Who has access to it? And critically, if our managed service provider is also our security auditor, are we getting an unbiased view of our risk posture? Maintaining independence in security auditing will be essential for genuine resilience.

A Pragmatic Approach to Innovation

Finally, as we plan for 2026, let us remain pragmatic. It is easy to get swept up in the hype of the next big thing. However, our value as leaders lies in our ability to discern which technologies will drive measurable business outcomes. Whether it is automating routine IT operations to free up staff for higher-value work, or deploying AI to enhance threat detection, the focus must be on utility and value.

Thank you to everyone who has been part of the conversation this year—clients, partners, and the broader IT community. The challenges ahead are significant, but so are the opportunities to build more secure, efficient, and resilient organisations.

I look forward to working with you all in 2026.