<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=8635850&amp;fmt=gif">

Everything, All at Once: Securing Progress in a Compounding IT Landscape

June 23, 2026

Over the past few years, I’ve noticed a change in the conversations I’m having with IT leaders.

 

It’s no longer, “We’re migrating this legacy workload to cloud this year,” or, “Security is our priority for the next 12 months.” The pressure in 2026 feels different. Broader. Heavier. Less sequential.

 

Everything is happening at once.

 

You’re being asked to enable hybrid productivity, adopt AI responsibly, strengthen security posture, control rising technology costs, and demonstrate resilience to the board. None of those objectives are unreasonable on their own. In fact, most are overdue.

 

The difficulty is that they’re landing simultaneously, and they’re interconnected in ways that aren’t always obvious at the outset.

 

That’s what makes this moment different.

 

Securing Progress in a Compounding IT Landscape

 

The Compounding Effect

 

In theory, each of these challenges can be managed as a separate workstream. Productivity is a workplace conversation. AI is innovation. Security is risk. Cost is optimisation.

 

In practice, they overlap constantly.

 

When you make collaboration easier, you inevitably expand the surface area you need to govern. When you introduce AI into Microsoft 365, you quickly discover how well, or how poorly, your data is structured and permissioned. When you add new security tools, you often increase operational complexity before you reduce risk. And when cost pressure tightens, the temptation to defer upgrades or rationalise controls can introduce fragility in places that only become visible later.

 

None of this is dramatic. It’s gradual. It’s incremental. And that’s precisely why it’s dangerous.

 

What I’m seeing is not failure. It’s accumulation.

 

Small, sensible decisions made under time pressure that collectively stretch the operating model thinner than anyone intended.

 

Progress Without Creating Fragility

 

Boards aren’t asking IT to slow down. Quite the opposite. They want AI adoption. They want flexible working to remain frictionless. They want resilience to be demonstrable. They want predictable cost.

They want progress and protection at the same time.

 

The risk for IT leaders isn’t that one of these initiatives goes wrong in isolation. It’s that the underlying environment isn’t designed to absorb them all together.

 

That’s where resilience becomes more than a security conversation.

 

Most organisations I speak to would describe themselves as secure. They have endpoint protection, Microsoft 365 security controls, some form of monitoring, and backups in place. On paper, the fundamentals exist.

 

But resilience is something more deliberate.

 

Resilience means that when a user makes a mistake, it’s contained quickly. When credentials are compromised, it’s detected early. When data needs to be restored, recovery is tested and predictable. When an auditor asks for assurance, the evidence is clear and available. And when the board asks for confidence, you’re not relying on assumptions.

 

Resilience is operational confidence under pressure.

 

And that’s different from simply having tools deployed.

 

The Accountability Reality

 

One of the realities of modern IT is that the environment has expanded far faster than governance models were originally designed for.

 

Users work anywhere. Devices are more powerful and more distributed. AI is now embedded directly into productivity platforms. Data flows across multiple clouds and SaaS applications. Vendor pricing models continue to evolve, generally upwards. Compliance expectations are tightening.

 

Yet the accountability hasn’t expanded. It still sits squarely with the IT leadership team.

 

That’s the tension I hear most often. Not fear of cyber headlines, but the weight of responsibility. The expectation that you can enable innovation while also eliminating risk, and do so within budget.

 

It’s a difficult balance.

 

A Different Question

 

I think we’re asking the wrong starting question.

 

Instead of asking, “Are we secure enough?” we should be asking, “Is our operating model designed to handle convergence aka “everything, all at once?”

 

Can it support productivity without increasing unmanaged exposure? Can it enable AI without surfacing sensitive data in unintended ways? Can it detect real threats without overwhelming your team with alerts and false positives? Can it recover quickly and predictably if something fails? Can it control cost without storing up technical debt?

 

Those aren’t purely technical questions. They’re structural ones.

 

They’re about how the modern workplace is engineered, not just which controls are switched on.

 

What Good Looks Like

 

When resilience is built deliberately into the modern workplace, you feel the difference operationally.

 

Users still work flexibly, but access is governed intelligently. AI adoption moves forward, but within clear safeguards. Security incidents are handled methodically, not reactively. Backup and recovery are tested, not assumed. Reporting supports board conversations instead of triggering them.

 

Most importantly, the IT team regains strategic headroom. Time is spent improving and evolving the environment, rather than constantly reacting to it.

 

Progress continues. Without fragility quietly accumulating underneath.

 

It’s All Connected!

 

In this series of articles, of which this is the first, I want to explore the pressures shaping 2026 in more depth; productivity, AI, security signal versus noise, recovery readiness, and cost control. Not as isolated themes, but as connected forces that influence one another.

 

Because nothing now lands in isolation.

 

Productivity decisions affect AI exposure. AI affects governance. Governance affects risk. Risk affects cost. And cost decisions can either strengthen or weaken resilience.

 

The question isn’t whether you can solve each challenge individually. It’s whether your workplace is designed to absorb them all - all at once.

 

If any of this feels familiar, I’d be genuinely interested in hearing how you’re experiencing it in your organisation. Every environment is different, and the nuance matters. Feel free to reach out if you’d like to compare notes.