The Collision of Compliance & Innovation: How AI is Changing the Game for IT Leaders in PS Firms

AI is fueling a new wave of growth across industries, and professional services (PS) firms are no exception. From code generation to workflow automation, artificial intelligence is transforming how work gets done. But as innovation accelerates, so do concerns around compliance, governance, and data security.
For IT leaders, this creates a high-stakes balancing act that begs the question: how can you adopt AI to stay competitive, without exposing your organization or your clients to unnecessary risk?
To dig into this challenge, we sat down with Taison Kearney for the latest episode of The Professional Services Pursuit podcast, Innovation Without Compromise: IT’s Role in Securing the AI Future. Currently the Chief Information Security Officer and Data Protection Officer at Kantata, Taison has over two decades of experience, and has seen firsthand how IT teams are shifting from traditional support roles to strategic drivers in AI governance and cybersecurity leadership.
Taison shares what today’s IT leaders need to know to stay ahead of the game by asking the hard-hitting questions: What happens if we don’t adopt AI? Are we left behind? How do we adopt and mitigate risk along this journey to take advantage of the benefits of AI?
Below, we break down six key insights from the episode, and what they mean for IT leaders in professional services.
1. The Dual Nature of AI: Opportunity & Risk
AI is a double-edged sword in the world of cybersecurity. While tools like code assistants and task automation boost productivity, they also increase exposure to new threats. Bad actors can use AI to automate malware creation, enhance phishing attacks, and exploit previously unknown vulnerabilities. The result? A larger attack surface and more sophisticated adversaries.
“There’s so many tangible benefits to the application of the use of AI,” says Taison. “But on the adverse side of that, AI can be used by our bad actors to create advanced phishing and social engineering attacks, automated malware and exploits and an increased attack surface. How can we really recognize the benefits while mitigating risk is probably the biggest dilemma that I see most people in my position dealing with today.”
For PS firms handling sensitive client data, the stakes are even higher. Adopting AI without a plan for securing it can quickly lead to compliance breaches, data loss, and reputational damage.
2. The Evolving Role of the CISO in the AI Era
The emergence of AI has changed the game for Chief Information Security Officers (CISOs). No longer focused solely on firewalls and incident response, today’s CISOs must navigate dynamic AI use cases that may be emerging across departments — often without formal oversight.
“What CISOs are having to manage today is that often AI is landing across enterprise, and they might not have mature guardrails,” Taison explains. “So CISOs are really responsible for securing a dynamic environment that may lack clear accountability and control. The CISO is going to play a critical role in navigating the journey with AI.”
This includes managing the risk of “shadow AI,” which is unauthorized or unmonitored AI tool use. Shadow AI is one of the biggest challenges IT security teams face, and CISOs need to know how to identify and manage it in order to prevent uncontrolled or unmonitored risk exposure.
To mitigate the effects of shadow AI, many CISOs are tasked with building AI-savvy security teams and crafting new policies from the ground up.
3. A Strategic Approach to AI Adoption
For PS firms, governance can’t be an afterthought. It needs to be a core pillar of your AI adoption strategy. This includes policy development, employee training, and investments in tools that provide visibility into how AI is used across the business.
At Kantata, we’re taking proactive steps to prevent data leaks, all while supporting and celebrating AI innovation. Through AI-focused initiatives, staff education, and investing in technology that provides the necessary visibility to protect our information, Kantata has set the standard for an AI-forward culture.
“We are supportive of AI, we are not an adverse culture. However, me sitting in the seat that I am, I’m risk adverse,” shares Taison. “So we’ve put together some things. First and foremost, we established an AI governance council. So any AI applications need to be vetted through this council. And we put policy in place so our staff knows what they can and cannot do with AI.”
By taking a similar proactive approach, organizations can strike the right balance, empowering employees to innovate with AI, while also minimizing compliance risks.
4. The Importance of Proactive Security & Trusted Vendor Relationships
Your clients are trusting you with their most valuable asset: their data.
That’s why doing the bare minimum simply doesn’t cut it when it comes to compliance. You can’t just tout that you’re SOC or ISO compliant; you need to continuously invest in security to truly keep your data safe, your clients protected, and your reputation clear.
But building trust requires transparency, responsiveness, and a proactive stance on security and compliance. PS firms serve clients across many highly regulated sectors, like healthcare, finance, and beyond, so understanding the industry and location your clients operate in, and the risks they may face, is non-negotiable. This allows you to deepen your vendor-client relationships, which, according to Taison, “are key to becoming a trusted advisor to [your] clients.”
5. Managing Fundamental Risks with Centralized Control
PS firms can be high-value targets for cyberattacks, due to the sensitive nature of their client data. But too many firms are still managing that data across spreadsheets or other less-than-secure methods, leaving them vulnerable.
The consequences of a breach can erode trust and result in legal repercussions or hefty fines. And if a client’s data is compromised, it can also impact their reputation — as well as yours. That’s why strict privacy controls and centralized data governance are essential for both PS firms and the vendors they work with.
The best way to prevent this is to have fewer data sources, says Taison. Consolidate your data in a centralized system, which will prevent redundant data and decrease your risk of attack.
6. Balancing Innovation with Guardrails
Ultimately, IT leaders are being asked to do the impossible: protect their organizations while unlocking innovation. The challenge is in doing both — without becoming a roadblock.
Innovation can’t come at the expense of security, or vice versa. But as regulations surrounding data privacy tighten, giving people the access they need becomes harder and harder.
“As the data privacy landscape continues to evolve, it’s going to get more stringent, which ultimately is going to limit access,” explains Taison. “And the key is: how can you provide that access in a compliant manner, so folks have the data to be able to make informed decisions, be able to do their workloads in an efficient manner, and be able to work without the bounds of these strict regulations — but be compliant?”
Striking this balance isn’t just a technical challenge, it’s a strategic one. And it’s where IT teams can provide real value to the business by guiding responsible AI adoption and ensuring long-term resilience.
Final Thoughts: Innovation Doesn’t Mean Compromising Compliance
The rise of AI is inevitable, but it doesn’t have to come at the cost of compliance. For IT leaders in professional services, the path forward lies in taking a proactive approach: one that champions innovation while maintaining the trust of clients and regulators alike.
And at Kantata, we lead by example: implementing AI governance, investing in transparency, and helping PS firms secure their future in an AI-forward world.
Want to learn more about how AI is changing the IT landscape? Listen to the full conversation with Taison Kearney on our podcast.