Why AI investments demand a security-savvy ROI strategy
A practical guide for IT leaders navigating cost, value and risk in the era of enterprise AI.
Artificial intelligence is rapidly becoming the centrepiece of digital transformation. Organisations are investing heavily in generative AI, automation tooling, and advanced analytics. Yet, as highlighted in IBM Apptio’s recent article “AI-Based Investments Require a New Approach to Deliver ROI Objectives”, many of these initiatives are not delivering the expected return on investment (ROI).
IDC forecasts that global AI spending will reach $669 billion by 2027, yet 38% of organisations miss their AI ROI targets, often as a result of unexpected cost growth, limited visibility and challenges in operationalising AI solutions. In fact, fewer than 60% of AI initiatives successfully make it into production, leaving a significant portion of investments stranded in pilots and proof-of-concepts.
As an IT professional, I see a recurring pattern: organisations treat AI primarily as an innovation or engineering challenge, when in reality AI investments depend just as much on cost control, value realisation and effective risk management. Security is usually introduced too late, and the hidden risks, which ultimately translate into hidden costs, emerge once the system is already deployed.
It is time to shift the narrative: AI investments must embrace a security-aware, financially transparent and business-aligned approach if they are to deliver meaningful ROI.
Why AI investments are more complex than traditional IT
AI projects differ significantly from classic IT programs due to their highly dynamic and resource-intensive nature. Infrastructure costs, for example, can fluctuate dramatically because GPU workloads, data processing pipelines, training runs and API usage can grow unpredictably. A seemingly small configuration change, such as altering model parameters or batch sizes, can multiply resource consumption far beyond initial forecasts.
Data introduces another layer of complexity. Since AI models rely heavily on large volumes of information, organisations with inadequate data governance expose themselves to risks related to data leakage, sensitive information usage and compliance violations. These challenges become even more pronounced when models draw from multiple sources or incorporate customer data.
Operationalisation also represents a major hurdle. Once deployed, AI systems must be continuously monitored for model drift, updated with new data, maintained with appropriate security patches and governed for traceability and auditability. Many organisations underestimate this long-tail maintenance, leading to rising operational costs over time.
Security and compliance are woven deeply into each of these challenges. Model manipulation, insecure pipelines, shadow AI usage and regulatory misalignment can result in financial penalties, brand damage or service disruption. Any of these outcomes can rapidly erode, or even eliminate, the expected return on AI investments.
A new approach to AI investment management
IBM Apptio’s article argues that organisations need a more comprehensive and disciplined approach to managing AI investments. This means understanding the full cost of ownership across hybrid cloud environments, on-premises infrastructure, data pipelines and specialised talent. It also requires governance frameworks that unite IT, finance, business leadership and security into a single, cohesive strategy.
This modern approach emphasises:
- Transparent cost tracking and optimisation: supported by IT Financial Management (ITFM) and FinOps practices.
- Clear linkage between spending and business outcomes: ensuring investments are driven by value rather than experimentation alone.
- Portfolio management methods: to focus efforts on the AI initiatives with the highest potential impact.
In such a framework, security is not an add-on but a core enabler of stable value creation.
Security’s critical role in achieving AI ROI
Security teams play a central role in determining whether AI initiatives ultimately succeed. For example, protecting the data that fuels AI systems is essential; organisations cannot rely on AI outputs if the underlying data is exposed, inaccurate, or noncompliant. The integrity of models also matters, as attacks like prompt injection or data poisoning can distort results and diminish business value.
AI supply chains, including models, datasets, APIs, GPU providers, and cloud services, expand the attack surface and introduce dependencies that must be carefully evaluated. Without appropriate controls, an outage or vulnerability at a vendor can disrupt operations or create an unintended breach.
Regulatory compliance further raises the stakes, especially with emerging legislation such as the EU AI Act. A single violation can significantly undermine the ROI of an entire AI portfolio. At the same time, security monitoring can help identify abnormal behaviours, such as a misconfigured job that unexpectedly drives GPU consumption, and so prevent runaway costs or misuse.
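The monitoring case described above, a misconfigured job that suddenly consumes far more GPU time than its history would predict, can be detected with a small amount of logic over job telemetry. The following is an added example, not code from the article or from Noventiq, IBM Apptio or any vendor named here. It assumes a constructed telemetry line format (`<timestamp> job=<name> gpu_hours=<n> cost_usd=<n>`), a constructed set of sample lines, and two assumed thresholds: a per-job deviation ratio against the median of that job's previous runs, and a daily spend budget. Both thresholds are illustrative choices, not recommendations from the page.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample telemetry (not real data): one line per completed job run.
# The fourth nightly-retrain run consumes roughly five times its usual GPU hours,
# the kind of change a bad batch-size or parameter edit can cause.
TELEMETRY = """\
2024-03-01T02:00:00Z job=nightly-retrain gpu_hours=10.0 cost_usd=30.0
2024-03-01T06:00:00Z job=embed-batch gpu_hours=2.0 cost_usd=6.0
2024-03-02T02:00:00Z job=nightly-retrain gpu_hours=11.0 cost_usd=33.0
2024-03-02T06:00:00Z job=embed-batch gpu_hours=2.1 cost_usd=6.3
2024-03-03T02:00:00Z job=nightly-retrain gpu_hours=9.5 cost_usd=28.5
2024-03-03T06:00:00Z job=embed-batch gpu_hours=1.9 cost_usd=5.7
2024-03-03T09:00:00Z job=adhoc-eval gpu_hours=1.3 cost_usd=4.0
2024-03-04T02:00:00Z job=nightly-retrain gpu_hours=48.0 cost_usd=144.0
2024-03-04T06:00:00Z job=embed-batch gpu_hours=2.2 cost_usd=6.6
""".splitlines()

# Assumed line format; anything that does not match is skipped, not trusted.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) job=(?P<job>\S+) "
    r"gpu_hours=(?P<gpu>\d+(?:\.\d+)?) cost_usd=(?P<cost>\d+(?:\.\d+)?)$"
)


def parse_telemetry(lines):
    """Parse telemetry lines into dicts; malformed lines are dropped so one bad
    record cannot take the monitor down."""
    records = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        records.append({
            "ts": m["ts"],
            "job": m["job"],
            "gpu_hours": float(m["gpu"]),
            "cost_usd": float(m["cost"]),
        })
    return records


def detect_runaway_jobs(records, min_history=3, ratio_threshold=3.0):
    """Flag a run whose GPU hours exceed ratio_threshold times the median of
    that job's earlier, unflagged runs. Jobs with fewer than min_history prior
    runs have no baseline yet and are never flagged (new jobs need a different
    control, such as a hard per-job cap)."""
    history = defaultdict(list)
    findings = []
    for r in sorted(records, key=lambda rec: rec["ts"]):  # ISO timestamps sort lexically
        past = history[r["job"]]
        flagged = False
        if len(past) >= min_history:
            baseline = median(past)
            if baseline > 0 and r["gpu_hours"] >= ratio_threshold * baseline:
                flagged = True
                findings.append({
                    "ts": r["ts"],
                    "job": r["job"],
                    "gpu_hours": r["gpu_hours"],
                    "baseline_gpu_hours": baseline,
                    "ratio": round(r["gpu_hours"] / baseline, 2),
                })
        # Keep flagged runs out of the baseline so one runaway run does not
        # normalise the next one. Trade-off: a genuine, intended step change
        # will keep alerting until the baseline is reset deliberately.
        if not flagged:
            past.append(r["gpu_hours"])
    return findings


def detect_budget_breaches(records, daily_budget_usd):
    """Independent guard: total spend per calendar day above an agreed budget,
    which catches cost growth spread across many jobs that no single-job
    baseline would notice."""
    spend = defaultdict(float)
    for r in records:
        spend[r["ts"][:10]] += r["cost_usd"]  # YYYY-MM-DD prefix of the timestamp
    return [
        {"day": day, "spend_usd": round(total, 2)}
        for day, total in sorted(spend.items())
        if total > daily_budget_usd
    ]


if __name__ == "__main__":
    recs = parse_telemetry(TELEMETRY)
    for f in detect_runaway_jobs(recs):
        print(f"RUNAWAY {f['ts']} {f['job']}: {f['gpu_hours']}h vs baseline "
              f"{f['baseline_gpu_hours']}h (x{f['ratio']})")
    for b in detect_budget_breaches(recs, daily_budget_usd=100.0):
        print(f"BUDGET {b['day']}: {b['spend_usd']} USD over budget")
```

Two checks are deliberately kept separate: the per-job ratio catches a single job that changes behaviour, while the daily budget catches slow aggregate growth, and each produces a finding that can be routed to whoever owns the job or the budget. In a real deployment the telemetry would come from the scheduler or cloud billing export rather than a string, and the thresholds would be agreed with the FinOps and security teams the article describes.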
Through these activities, security actively protects the organisation’s ability to realise value.
A practical framework for aligning security with AI investment success
Achieving meaningful ROI from AI requires organisations to start by defining clear business outcomes, success criteria, and risk tolerance. This foundation helps ensure AI solutions are designed to solve real business problems rather than simply exploring technical possibilities.
Security must be integrated early into the AI lifecycle. During the planning phase, organisations should already be considering how data will be governed, what access controls will be required, which vendors are involved, and which regulatory rules apply. In the build phase, secure MLOps practices, identity controls and audit mechanisms ensure models are developed responsibly. Once AI systems are deployed, continuous monitoring helps detect drift, anomalies, and cost spikes while supporting rapid incident response. Over time, periodic optimisation ensures that security posture, costs, and business value remain tightly aligned.
To support this lifecycle, organisations should track a balanced set of cost, value, and risk metrics. These may include GPU utilisation efficiency, cost per model or inference, governance adherence, model drift events, and the quantifiable value delivered by the AI solution. Only by monitoring this full spectrum can leaders assess whether their AI investments are delivering as expected.
How security consultants add immediate value
Security consultants can accelerate AI success by integrating security considerations from the earliest stages of the roadmap and bridging the gap between business priorities, technical design and financial reality. They help organisations understand risk in economic terms, which makes budget decisions clearer and aligns C-level stakeholders. They can also introduce proven AI-specific security patterns, such as model isolation, secure MLOps pipelines, and LLM gateway architectures, that enable safe experimentation instead of restricting it.
By supporting ITFM and FinOps teams with risk-related cost insights and establishing controls that allow AI teams to innovate responsibly, security consultants ensure that AI solutions deliver value while remaining sustainable and compliant over time.
Conclusion: AI ROI depends on managing cost, value and risk together
AI is entering a more mature enterprise phase, where expectations are shifting from experimentation to measurable value delivery. Organisations that adopt transparent governance, invest in operational excellence, and embed security throughout the lifecycle will be the ones best positioned to realise meaningful ROI. As IBM Apptio’s findings make clear, a new AI investment management approach is already emerging and security must sit at the centre of it.
This is exactly where Noventiq can support customers end-to-end. As a strategic partner of AWS, IBM and Trend Micro, we bring together the essential technical and governance building blocks needed to run AI responsibly and profitably. Customers can run their AI workloads securely and efficiently on AWS, while IBM watsonx.governance provides robust model governance, explainability, compliance alignment and lifecycle management. Through IBM Apptio, we deliver comprehensive FinOps and IT Financial Management capabilities, giving organisations full visibility and control over the true cost and value of their AI initiatives. Finally, Trend Micro’s advanced security solutions protect data, workloads, and models across the AI pipeline, ensuring that threats, compliance risks, and vulnerabilities are addressed proactively.
By combining these complementary capabilities into a single integrated framework, Noventiq enables customers to accelerate AI adoption while maintaining control, reducing risk, and maximising ROI, from first prototype to enterprise-scale operations.
