UST’s CIO & CSO on Balancing AI Innovation and Risk at Scale
AI is truly transforming business, from the centre out.
Krishna Prasad has worked at UST for almost two decades and now acts as the company’s Chief Strategy Officer and Chief Information Officer.
With a mission to transform lives through technology, Krishna and his team work with large global enterprises to solve complex business challenges.
In his role, he addresses the evolving governance challenges of deploying AI at scale, the importance of balancing innovation with risk — especially across security, cloud and digital workplace initiatives — and the shifting dynamics between CIO and CTO roles.
“Our mission statement, in very simple terms, is about transforming lives,” he explains. “Our business has been built on how we use technology as a way to drive change, starting with our clients, then expanding to our own associates as well as, of course, into the communities in which we operate.
“Our business has been really to bring technology to life and translate it into business results for our customers.”
Comfortable in solving complex and specific problems, Krishna emphases that what matters to UST most is “how we use technology for good and how we use it to make life better for people”.
Here, Krishna speaks with Technology Magazine.
What we see with our clients is a need to provide environments that allow people to innovate. But the approach that I'm seeing several organisations take is much more rigorous when it comes to rolling things out from a production standpoint or giving access to production data to improve models.
What we are finding is that it’s also a field that is evolving so rapidly that you have to almost go back to the fundamentals of what you will and won't do. Over time, things might change, and it’s a trend we’re seeing happen similarly with many of our client organisations as well.
How do you prioritise investments across cloud, security and digital workplace initiatives to maximise both innovation and risk management?
Clearly for us there is one element, related to security, that is really at the top of mind and I don’t see that really going away any time in the near future. On the one side, yes, AI has a lot of potential and promise, but on the other side it has the very quick ability to take down a business as well.
Security-related investments have continued for us and we are always looking at new frontiers in terms of the things that we need to do. Rather than take a static approach to security, what we are trying to do is move to a world where we can have continuous and very dynamic monitoring of our environment, combining that with inputs around new vulnerabilities that are being detected, understanding the exposure that we have as a business and being able to prioritise those risks for addressing using solutions that we build.
With cloud, what we’ve seen is people start using these models to experiment. A lot of people don’t realise how quickly the dollars add up.
This means that, quite often the role of a CIO, cloud has been there for a while. For us, we don’ think of it as innovation anymore. We almost believe it’s a necessity. We now look at it and say, as cloud gets used more, what do we need to pay attention to? And in addition to the security risk, we need to pay attention to the commercial aspects related to that.
These are things we are paying particular attention to and dynamically managing.
I'm also finding increasing traction around what we call customer experience platforms or employee experience platforms and so on. I see that as something as a new way by which people engage with technology rather than having to go to so many different places to do different things.
Outside of that, our customers are demanding more productivity from our teams. There are many different things that are happening, but for us we are very much grounded on ensuring it delivers the business outcomes that we want. And when we talk to clients as well, that’s typically what we encourage them to do.
How is the role of the CIO evolving in relation to the CTO, especially when it comes to driving organisational resilience?
One thing I've seen is the role of the CTO tends to be different depending on the organisation that they're a part of. But in general, what I see are some common themes.
The CTO roles tend to be around enabling technology that underpins a product or service that you're taking to market, meaning typically a lot of the CTO roles tend to be more customer-oriented than a typical CIO role. The dynamic between the CIO and CTO role depends on the organisation and the specific product or service that they offer.
Having said that, what I typically find is the CTO is a little bit more oriented towards innovation and the ability to use technology more effectively. They’re always looking at experimenting, looking at new ways to bring some of the technology back into the business, whereas the CIO is coming in with a little bit more of what I'll call a risk and commercial view to the same elements.
The need for partnering has always been there and I think it continues to be there today. The evolution that I see for some CTOs is a tendency to sometimes place too much of an emphasis in terms of what the technology can do and the CIO sometimes ends up having to strike that better balance. What I then find is the CIO is having to bridge that role between the CTO and the Chief Risk Officer, if you have that kind of a role within the business.
In most cases it tends to be fairly synergistic unless of course there's a strong view in terms of whether a technology — and I think AI is a classic example of that — ends up posing more fundamental risks or opportunities that we need to capitalise on. It requires a little bit more business-aligned thinking to make that come to life.
I would say challenges and opportunities are shifting very much between the two roles. The need to work together is probably even more paramount today than it was in the past.
What strategies has UST found most effective for building resilient IT talent and culture, particularly with the rise of autonomous AI agents in enterprise environments?
The thing most related to AI is around talent because it has a fundamental impact in terms of the direction that we take for business.
My corporate strategy role is very much aligned towards where we are headed and what it means for our people. Of course, as a CIO, I see that direct impact flowing into our technology teams as well.
It’s important for us to understand that expertise is being disintermediated with AI. With AI, expertise is going to be very easily and more widely available than it ever was.
If you look at our business as an expertise-driven one, we have to accept the fact that it's going to be dramatically disrupted in a very short period of time.
For our business, where we have a lot of technologists that have grown through the ranks, that's going to get pretty dramatically disrupted as well. We’ve really gone back to the basics of what our business is about and as a result, how we need to think about our people.
So where we are going with that now is that we think of our business as a problem-solving business. When it comes to problem-solving, the three elements that we really emphasise with our people. Number one is curiosity, finding a way to be curious about new things, learning about the things that's happening around you.
The second element that we look for is creativity, taking the things that I've learned and using it to solve problems.
The third is critical thinking. Even if you look at AI and what it can do today, you cannot 100% take whatever you’re getting and call it a solution. You need critical thinking to understand and apply AI in a specific context.
There’s also an element of set behaviours which ultimately take that innate talent or mindset and translate it into how those results get delivered.
The outermost layer is specific expertise. Specific skills are important where we are expecting maximum disruption. This is something that is really where we need to realign our business and our talent.
How UST partnered with Fortune 500 clients to modernise legacy systems and accelerate innovation? What were the key lessons you've learned?
This has been a topic of discussion for almost my entire time at UST.
But what we are now seeing is a dramatic shift — there are tools available that can allow you to accelerate that journey much faster.
So one of the things that we are seeing with many of our clients is them passing on their legacy modernisation headache and passing on the benefit of whatever you're able to transform. We are calling it self-funded transformation.
Essentially, what we are saying is we will take on managing your applications in your legacy environment and our goal is to modernise this entire set of applications. From a technology perspective, this is where I think we've been able to literally leverage the power of AI.
We’ve realised it's not something that you can just take and you throw it in there and you get the new code out that you can use. It’s about taking the legacy environment and understanding the true business intent behind why the code is written the way it is. Then you have to translate that into a new set of applications that you build in a target environment.
The approach that we’ve taken is very much AI-enabled, but it's not something that you can just hand over and dictate how it happens one way. Legacy modernisation continues to be a key part of how we drive our business forward, and I think the tools that are available today have allowed us to do it better than how we’ve been able to before.
What are the most critical governance challenges CIOs face when deploying AI at scale in large enterprises? How is UST helping clients address these issues?
At the end of the day, CIOs have always had to do a balancing act between risk and innovation. I still view the role of the CIO as primarily being tasked with managing the risk of making sure that technology is deployed in a way to make the business effective and at the same time not exposing the business to too much risk.
However, technology, increasingly for most businesses, is also at the core of driving change in terms of how the business operates. I say that because in many ways AI is the next generation of that as well.
The governance challenge is about finding that right balance. Where it has become particularly difficult in the world of AI is the fact that you could no longer distinguish this idea of what you might call code versus data. Code and data have really come together in the world of AI to create these models, so the risk profile of what you typically can control and what you can't has dramatically shifted.
