By the mid-2000s, it became about scaling networks and integrating ERP systems. Today, in 2025, the role of IT has transformed once again — from a support function to the strategic core of organizational resilience.

The next decade will accelerate this evolution. Organizations that thrive in 2030 will do so because they’ve aligned around a new IT North Star built on three critical pillars:

• Always-On Operations – technology services that never sleep, protecting revenue and customer experience.
• Data Trust – ensuring information is accurate, ethical, and transparent in an era of AI-driven decision-making.
• Security by Design – embedding protection into every layer of architecture, process, and culture.

These aren’t buzzwords. They are survival strategies for a digital economy that demands both speed and resilience.

Why Organizations Need a New North Star

History shows that IT is in constant flux. From the Y2K scare to the dot-com bubble, and on through cloud migration to today’s AI revolution, IT has reshaped itself again and again (see the full evolution here). What’s different now is the scale and velocity of change.

Digital systems are no longer just operational backbones—they’re mission-critical assets. Downtime isn’t just inconvenient; it’s destabilizing. In 2024, the average minute of downtime cost $14,056.

According to an article from Zenduty, for large enterprises, that number hit $23,750 per minute, with some Fortune 500s exceeding $5 million per minute in losses, totalling a staggering $400 billion annually across Global 2000 firms.

A recent resilience survey, as per Cockroach Labs, revealed that every tech executive surveyed experienced outage‐related losses, with individual incidents shattering expectations—losses ranged from $10,000 to upwards of $1 million, and average annual downtime was 86 hours.

That’s why the market now ranks resilience, trust, and security as competitive differentiators. The meteoric valuations behind Nvidia’s AI boom, Microsoft’s $4 trillion milestone, and strategic moves like Meta’s $10B Google Cloud deal aren’t just about innovation—they’re baked on consistent, trusted, secure service.

The days of IT as a back-office function are over. Today, technology decisions are business decisions. For leaders, the challenge is no longer whether IT should be at the table, but how to ensure it’s setting the direction.

Always-On Ops: Moving Beyond “Keeping the Lights On”

A decade ago, downtime was measured in hours. Customers might grumble, employees might lose productivity, but operations eventually resumed. Today, just five minutes of downtime can cost large enterprises millions of dollars. Gartner estimates the average cost of IT downtime at $5,600 per minute — and that figure continues to climb.

“Always-On Ops” isn’t just about uptime; it’s about building resilience and continuity into the DNA of every system.

That means:

Cloud and Hybrid Infrastructure

Cloud platforms enable global scale, but hybrid approaches remain critical. Many enterprises are learning the hard way that relying on a single hyperscaler creates lock-in and resilience risks. Deals like the Meta–Google Cloud partnership highlight the pressure to balance performance, cost, and redundancy (see analysis).

Automation and AIOps

Human IT teams alone can’t keep up with the complexity of today’s infrastructures. AIOps tools are now essential, using machine learning to detect anomalies, auto-remediate issues, and predict failures before they cascade. This is the evolution of monitoring from reactive alerts to predictive intelligence.

Redundancy and Failover by Design

True resilience means assuming failure will happen. Whether it’s global CDN networks, redundant cloud zones, or decentralized architectures like direct-to-cell satellite coverage (see SpaceX’s spectrum strategy), organizations must build systems where a single point of failure no longer exists.

Uptime alone is no longer the measure of resilience. The real test is whether systems can adapt, recover, and preserve trust when failure is inevitable. That’s where the conversation turns to data.

Data Trust: The Most Valuable Currency of the Digital Economy

In 2025, every organization claims to be “data-driven.” But without trust, data is less an asset than a liability. Poor quality, siloed, or manipulated information doesn’t just slow down decision-making — it actively misleads. According to IBM, bad data costs U.S. companies over $3 trillion annually, through wasted time, compliance errors, and misguided strategy.

The explosion of generative AI has only raised the stakes. As I’ve written in the real history of AI, the value of advanced models depends entirely on the integrity of the data they ingest. Even the most sophisticated large language models will amplify bias, hallucinations, or misinformation if governance is weak.

Building data trust requires attention to three core dimensions:

• Accuracy – ensuring information reflects reality, with rigorous validation and cleansing.
• Transparency – making data sources, transformations, and AI training processes auditable and explainable. This is why debates around AI watermarking are central to public trust.
• Ethics – protecting privacy, reducing bias, and complying with regulations like GDPR, CCPA, and Canada’s evolving digital policies (see the digital tax debate).

Why does this matter? Look at how Anthropic’s $183 billion valuation hinged on confidence in its ability to deliver safe, trusted AI. Conversely, breaches remain one of the fastest ways to destroy trust. As I explained in how cybercriminals really get your info, attackers are becoming more creative in stealing and weaponizing personal data. A single breach can erase years of brand equity overnight.

When data can’t be trusted, neither can the decisions built on it. That’s why accuracy, transparency, and ethics in data management aren’t optional — they’re the foundation of competitive advantage.

Security by Design: From Afterthought to Core Strategy

For years, security was an afterthought — added at the end of a project in the form of firewalls, antivirus tools, or compliance audits. That worked when threats were slower to evolve.

But in today’s environment, where attackers are agile and automated, bolting on protection at the last minute is no longer viable. Security must now be designed into every layer of IT, from infrastructure to application code.

Zero Trust and Identity-First Security
The old model of a hardened perimeter has collapsed. Employees work remotely, data lives in multiple clouds, and applications talk to each other through APIs. The only effective way forward is Zero Trust — assuming no user, device, or transaction is safe until verified. Identity has become the new perimeter, and continuous verification replaces the static password.

AI as a Double-Edged Sword
Artificial intelligence is amplifying both sides of the security equation. Attackers are using generative AI to create convincing deepfakes, scale phishing campaigns, and probe systems faster than ever before (see my breakdown of AI-generated scams). But defenders are responding in kind, deploying AI-driven tools to spot anomalies, triage alerts, and automate response. The result is an escalating arms race.

Embedding Security in Development
Software no longer ships once every few years. Continuous integration and delivery pipelines mean new code is moving into production daily, sometimes hourly. That makes DevSecOps essential: embedding code scans, penetration tests, and policy checks directly into the development process so vulnerabilities are caught before they reach customers.

Regulators, Insurers, and Customers Are Watching
The push for security by design isn’t just about fending off hackers. Insurers are raising premiums for companies with weak controls. Regulators are tightening privacy and cybersecurity requirements worldwide. And customers themselves increasingly demand proof of strong security before signing contracts. Security has become a trust signal — a differentiator in the marketplace as much as a safeguard.

Security Is Now a Culture
The most important shift is cultural. Security is no longer a department tucked away in IT. It has to be embedded into the way organizations design products, serve customers, and make decisions. In the next decade, the organizations that thrive won’t just have secure systems — they’ll have a security mindset built into every part of the business.

Connecting the Three Pillars: Why They Work Together

It’s tempting to treat Always-On Ops, Data Trust, and Security by Design as three separate workstreams, each with its own tools, budgets, and owners. But in practice, they are inseparable. Weakness in one area quickly undermines the others.

Take uptime, for example. An organization that delivers flawless availability but neglects security isn’t truly resilient. All that “always-on” infrastructure simply provides more opportunity for attackers to exploit vulnerabilities. Similarly, Data Trust without resilience is hollow.

Accurate, well-governed information is useless if it becomes unavailable during an outage or a ransomware event. And Security by Design without transparency may keep threats out, but it risks alienating regulators, partners, and customers who increasingly demand to know how data is collected, stored, and used.

What these examples show is that the pillars don’t just complement each other — they depend on each other. Together, they form a system of resilience:

• Always-On Ops ensures continuity of service.
• Data Trust ensures continuity of confidence.
• Security by Design ensures continuity of protection.

Without one, the other two collapse. With all three working in concert, organizations create a durable foundation for innovation and growth.

This is why the three pillars should not be treated as line items on a budget or isolated IT projects. They represent a strategic philosophy: a commitment to building technology that is resilient, transparent, and secure by default.

For IT leaders, this integrated view is the true North Star for 2030 — not just keeping systems running, but ensuring the entire digital ecosystem supports the business with reliability, integrity, and trust.

Looking Ahead: The IT North Star for 2030

By 2030, IT will look very different from today. Networks will be more decentralized, AI will be embedded in operations and security, and quantum computing may begin to reshape the foundations of cryptography. The boundary between “business strategy” and “IT strategy” will have disappeared entirely.

Amid that change, the North Star for IT leaders remains constant:

• Always-On Ops to deliver resilience and continuity.
• Data Trust to enable confident decisions and safeguard integrity.
• Security by Design to protect organizations in an era of relentless threats.

These aren’t optional priorities — they are interdependent pillars that define whether technology supports growth or becomes a liability. Together, they form a compass for IT leaders navigating the decade ahead.

The real question for CIOs, CTOs, and technology executives is simple: Are our investments, culture, and strategy aligned with this North Star? Because the future won’t wait until 2030. The organizations that adapt now will not only withstand disruption — they’ll set the pace for competitors to follow.

Frequently Asked Questions (FAQ)

(Images generated with the help of DALL-E.)