Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI adoption and governance: what problem are teams actually solving?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10141
Topic starter  

TL;DR: Companies often start AI programmes by asking how to use or sell AI instead of defining the business problem first, which causes implementations to stall and obscures when human judgment should remain in the loop, according to Commvault. The practical issue is governance, not enthusiasm: without clear decision boundaries, data rules, and success measures, AI becomes a hammer looking for nails.

NHIMG editorial — based on content published by Commvault: problem-first AI adoption and the governance questions leaders should ask

Questions worth separating out

Q: How should organisations decide whether an AI use case is worth deploying?

A: Start with the business problem, not the technology.

Q: Why do AI programmes fail when teams start with the tool instead of the problem?

A: Because the organisation ends up automating an undefined workflow.

Q: What do security teams get wrong about human oversight in AI workflows?

A: They often assume oversight is automatic once a person is named in the process.

Practitioner guidance

  • Define the business problem before the AI use case Require each proposed AI workflow to state the pain point, the users affected, the data needed, and the measurable outcome.
  • Classify which decisions must remain human-owned Map every AI-assisted workflow to its decision points, then mark the steps that require review, approval, or exception handling.
  • Set data upload and sharing rules in advance Document what information can be entered into AI systems, what must never be uploaded, and who can approve edge cases.

What's in the full article

Commvault's full article covers the operational detail this post intentionally leaves for the source:

  • Practical examples of where AI is useful for repetitive internal work and where human judgment should stay in the loop.
  • Specific questions leadership teams can use to test whether an AI use case is solving a real operational problem.
  • The article's own framing on data handling, privacy protection, and decision-making authority.
  • The reasoning behind the author's view that AI should support uniquely human work rather than replace it.

👉 Read Commvault's analysis of problem-first AI adoption and governance →

AI adoption and governance: what problem are teams actually solving?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9696
 

Problem-first AI adoption is now an identity governance requirement, not a management preference. When leaders start with the tool, they usually skip the questions that identity programmes are built to answer: who is authorised, what data is in scope, and which decisions remain human-owned. That gap creates policy drift before the first workflow is deployed. Practitioners should treat use-case definition as a control input, not a planning exercise.

A few things that frame the scale:

  • The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
  • Only 44% of developers are reported to follow security best practices for secrets management, according to The State of Secrets in AppSec.

A question worth separating out:

Q: Who is accountable for data that enters an external AI system?

A: The organisation remains accountable for the decision to send the data, the controls around that decision, and the contractual and operational exposure created by the provider chain. That includes vendors, cloud providers, and subprocessors that may touch the data after submission.

👉 Read our full editorial: AI adoption fails when teams start with the tool, not the problem



   
ReplyQuote
Share: