Insights

2021 IT Trends: The CIO Agenda | SUMāTO

Written by Andrés Lozada | Jul 9, 2026 7:23:39 PM

The close of 2020 leaves every board with an uncomfortable certainty: technology has stopped being a support function and become the nervous system of the business. What in January looked like a multi-year digital transformation plan was executed in weeks, and now the challenge is different: consolidate what was improvised, secure what was left exposed, and decide where to invest in 2021 with a budget that remains under scrutiny. If you lead or advise the IT function, this is the agenda that deserves to be on the table before you approve next year's plan.

The short version: 2021 will be the year of moving from reaction to strategy. The CIO will have to balance three fronts at once: enabling hybrid work on a permanent basis, hardening the organization against a threat landscape that keeps intensifying, and modernizing the technology platform so that speed becomes an advantage rather than a recurring cost. Prioritizing well will matter more than spending big.

1. Hybrid work stops being the exception and becomes deliberate design

During 2020 many companies enabled remote work under duress, with saturated VPNs, personal devices, and processes designed for the office. In 2021 the hybrid model becomes permanent, and that forces a serious redesign rather than a patch.

  • What it means for the board: productivity no longer depends on location, but on the quality of collaboration tools, connectivity, and the digital employee experience.
  • Investment in managed endpoints, bandwidth, and collaboration platforms should be treated as a structural decision, not a temporary expense.
  • Culture and performance metrics must adapt to an environment where trust and outcomes weigh more than physical presence.

2. Zero Trust becomes the guiding principle of security

The corporate perimeter, that wall separating the inside from the outside, has dissolved. With users, devices, and data spread beyond the company network, the "trust inside, distrust outside" model is obsolete. The Zero Trust approach—never trust, always verify—moves from conceptual buzzword to concrete roadmap.

  • What it means: multi-factor authentication, identity and access management, network segmentation, and continuous verification are no longer optional.
  • It is not a product you buy but an architecture you build in stages; starting with identity and privileged access usually delivers the greatest early return.

At SUMāTO we help boards translate this principle into an executable cybersecurity plan with measurable milestones.

3. The acceleration to the cloud needs governance

Cloud migration accelerated out of necessity. The risk in 2021 is that this speed breeds disorder: costs that spiral, orphaned instances, and architectures no one fully designed. The conversation matures from "should we move to the cloud" to "how do we govern it."

  • What it means: you need a cloud financial management strategy (what the industry is beginning to call FinOps), clear policies, and a deliberate multi-cloud or hybrid vision.
  • Well-managed cloud frees up capital and accelerates innovation; poorly managed, it becomes an ever-growing bill without control.

A good starting point is to bring order to cloud adoption with cost, security, and performance criteria from day one.

4. Ransomware forces a rethink of resilience

Ransomware attacks grew in frequency and sophistication during 2020, with double-extortion tactics that not only encrypt data but threaten to publish it. For 2021, this stops being a technical IT problem and becomes a business-continuity risk the board must understand.

  • What it means: the question is no longer only how to prevent, but how to recover. Isolated backups, tested incident-response plans, and drills stop being a luxury.
  • Operational resilience—the ability to keep running under attack—becomes a measure of corporate health as relevant as liquidity.

5. Automation moves from pilot project to core capability

The pressure to do more with less puts automation at center stage. Robotic process automation and workflow orchestration stop being isolated experiments by a single team and become a cross-cutting capability.

  • What it means: the value lies less in automating stray tasks and more in redesigning complete, end-to-end processes.
  • It is wise to build a practice with clear governance to avoid the proliferation of bots with no maintenance or owner—a phenomenon that is already generating technical debt in organizations that moved ahead without order.

6. From AI models to MLOps: industrializing artificial intelligence

Many companies piloted artificial intelligence in 2020 and discovered an uncomfortable truth: having a model that works in the lab is not the same as having it generating value in production. The discipline of MLOps—taking models to production in a reliable, monitored, and repeatable way—becomes the differentiator between those who talk about AI and those who use it.

  • What it means: without processes to version, monitor, and retrain models, AI degrades in silence and erodes the business's trust.
  • The board should demand real impact metrics, not demos; the right question is which decision the model improves, not how sophisticated it is.

To make this leap with judgment, it is worth structuring the artificial intelligence bet around use cases with a clear return.

7. How to prioritize: the three-axis filter

Seven trends are too many to tackle all at once. We recommend that the board filter each initiative through three questions:

  • Risk: what does inaction expose us to? Anything touching security and resilience can rarely wait.
  • Return: how quickly does the investment pay back, and how will we measure it?
  • Capability: do we have the talent and maturity to execute it, or do we need a partner?

The practical recommendation for 2021: choose two or three bets with the greatest impact, assign them an owner and a budget, and leave the rest on a watch list with clear criteria to activate them. Doing a few things well beats spreading the budget thinly across many half-finished fronts.

Frequently asked questions

Where should a CIO with a tight budget start?

With what reduces critical risk and frees up cash. That usually means strengthening identity and access (the foundation of Zero Trust) and bringing order to cloud spend—two fronts that improve security and cost at the same time.

Is hybrid work an investment or a cost?

It is a structural investment. Collaboration tools and managed endpoints enable sustained productivity and access to talent regardless of location; treating them as a temporary expense leads to short-term decisions that cost more later.

Is it worth investing in AI if we don't have clear use cases yet?

It is better to start with one or two use cases with measurable return than with a large platform. MLOps maturity is built through practice; what does not work is buying technology without a concrete business problem to solve.

How do I convince the board to invest in ransomware resilience?

By translating the risk into business continuity: how much a day without operating would cost, and how long recovery would take. That figure alone usually justifies isolated backups and tested response plans.

The first step

The 2021 agenda is not about adopting every trend, but about choosing well and executing with discipline. If you want to turn this list into a prioritized plan for your board—with clear risks, returns, and capabilities—let's talk. At SUMāTO we help organizations across LATAM make these decisions with judgment and execute them with measurable results. Reach us at sumatogroup.com/contacto and let's take the first step together.