Security by Default: Why 2026 Will Force Organisations to Rethink Cloud and AI

financial accountability to how they run cloud and AI, according to leading Australian systems integrator, Brennan.
Based on customer insights from Brennan’s national series of executive technology briefings at the end of last year, it was evident that rising consumption costs, sprawling multi-cloud environments and early-stage AI deployments were widening attack surfaces and increasing compliance risk.
Brennan’s Head of Customer Solutions, Steve Anderton, said many organisations were increasing operational exposure at a time of heightened regulatory expectations, due to the lack of clear oversight of where workloads sat, how they were governed and what they had truly cost.
“With 75 per cent of organisations reporting an expanded attack surface, the environment now demands a far more disciplined approach,” Mr Anderton said.
“Cloud and AI are increasingly becoming integral parts of operating models. Without security, resilience and governance embedded across these environments, organisations will struggle to manage both risk and spend in 2026.”
Shift toward blended architectures
Mr Anderton said that there had been a growing move away from ‘public cloud-only’ strategies in recent times, with leading organisations increasingly blending public, on-premises, hybrid, and selectively repatriated cloud workloads to balance cost efficiency, sovereignty requirements and reduced cyber exposure.
“We’re seeing leaders reassess their estates to ensure workloads are deployed on the most appropriate platforms based on technical, financial, performance and security criteria,” he said.
“Adaptive cloud architectures are emerging as a way to optimise cost without compromising resilience or sovereignty.”
AI enters the operational mainstream
Mr Anderton said AI deployments - often launched quickly or in silos - were adding governance and operational pressures on organisations as expectations from boards and business units had escalated sharply.
“The AI conversation is evolving on what feels like a daily basis,” Mr Anderton said.
“Executives still want experimentation, but they also expect measurable, value-based outcomes and controls that prevent cost blowouts or data exposure.”
To meet this expectation, Brennan is helping organisations transition AI from isolated proof-of-concepts and pilots into production solutions that support automation and streamline business processes, using both vendor solutions and custom-developed Agentic AI agents within secure and cost-aware frameworks.
Governance becomes non-negotiable
Mr Anderton said that without structured monitoring, skills uplift and financial discipline, AI and cloud costs could escalate quickly, and security could be weakened.
“AI introduces new risks that can’t be managed with legacy processes,” Mr Anderton said.
“Governance needs to be continuous, not something revisited every quarter. The organisations that recognise this early will see faster, safer returns.
“But governance also needs to be balanced with speed - wait too long and the opportunity is lost, spend too long planning and building and the technology has iterated or another new disruptor has entered the market.
“The focus needs to be on short ideation and development cycles that deliver value quickly underpinned by a framework and tech stack that enables you to pivot and adapt.”
Forces set to define operating models in 2026
Mr Anderton said the four interdependent priorities shaping the year ahead were:
- Security by default through standardised, codified architectures
- Disciplined FinOps with full visibility of cloud and AI consumption
- Stronger data governance to support compliance and accuracy
- AI as a value driver, not a standalone experiment, with 2026 being the year of agentic AI
“In 2026, security by default won’t be optional. It will be the defining marker of organisations that are resilient, innovative and cost-conscious,” Anderton said.






