As the enterprise landscape shifts toward intelligent automation and pervasive AI, the CIO’s mandate now extends far beyond infrastructure and applications. It demands an integrated vision that connects technology, trust, and transformation.

This evolution remains central to Mike Anderson, Chief Digital and Information Officer at Netskope, Inc., a company redefining modern security and networking through cloud-native platforms and continuous adaptive trust.

In the first part of this three-part series, Anderson spoke about the evolving scope of the CIO role. He also shared a grounded perspective on what it truly means to “do Zero Trust right.”

In this second installment, Anderson continues his dialogue with Kirk Ball, CIO of Worldpay, focusing on the strategic role of enterprise browsers, the nuanced use cases for adaptive access, and the ever-evolving governance of generative AI (GenAI) in enterprise environments.

No one-size-fits-all

When asked if enterprise browsers are the future of secure access, Anderson doesn’t rush to overstate their scope. Instead, he urges a broader view rooted in adaptability and context-specific architecture. “I want to back up and think about access,” he says.

He outlines an adaptive security architecture where a policy engine dynamically governs access — whether to SaaS platforms, internal apps, or websites. However, implementation differs vastly depending on device types, user roles, and traffic behaviors.

For managed devices, Anderson firmly supports an agent-based model. “Using an agent-based model to send traffic makes absolute sense,” Anderson notes. Replacing native tools like Microsoft Teams or Visual Studio Code with browser-only access, he warns, would cause “a revolt of users.” Developers and technical teams, in particular, often require non-browser tools, command scripts, or Telnet sessions that an enterprise browser cannot support.

On the other hand, agentless environments — such as smart TVs, IoT devices, and Zoom rooms — necessitate network-level traffic steering through firewalls or SD-WAN solutions.

That’s where the enterprise browser shines — as a complementary, not primary, access channel.

Anderson points to use cases like

• Third-party consultants or auditors accessing platforms like Salesforce, Workday, or ServiceNow
• Executives logging in from personal devices during international travel
• Offshore call centers with data sovereignty restrictions, where enterprise browsers can deliver web-based tools without requiring full VDI infrastructure

“For those,” he affirms, “enterprise browsers can be a good solution, but it’s not a one-size-fits-all approach.”

Navigating GenAI with guardrails

As the conversation pivots to GenAI, Anderson acknowledges the familiar tension between innovation and risk management.

“It’s that dilemma between innovation and security posture we face every day,” he says.

Fortunately, Netskope’s early exposure to GenAI began through web-based chat interfaces like ChatGPT and Claude — making them manageable under existing SaaS security policies. “The policies I would apply to someone uploading a file to Google Drive can be applied to GenAI.”

Anderson explains how Netskope distinguishes between personal and corporate GenAI use, blocks sensitive data uploads, and leverages machine learning to classify high-risk data types — particularly financial information. One practical application: training their sales team to conduct GenAI-driven research using public data, while ensuring Netskope’s own internal financials aren’t inadvertently uploaded.

Promptathons, playbooks, and AI fluency

To cultivate internal AI literacy, Anderson reveals Netskope has organized its first company-wide “Promptathon” — a creative take on hackathons, inspired by a conversation with Workday’s CIO.

Open to all employees, the Promptathon encourages global teams to create impactful prompts using tools like Gemini, NotebookLM, and Gem creation, minus any API dependencies to maintain accessibility. Submissions include recorded demos, judged for innovation and business value.

“We’re trying to exercise that muscle, to use GenAI and drive value with it,” he explains.

Anderson has also embedded an AI-focused discipline into leadership routines. “Every week I ask them for the three P’s — progress, plans, and problems. And I’ve added ‘what’s something new or something you learned about AI this week?’”

This internal rhythm is not just tactical; it is strategic. One of his newest hires, for example, used NotebookLM to generate mind maps from onboarding conversations, identifying recurring stakeholder themes and insights. “I wouldn’t be able to do all of these things without the technology in place,” he says.

GenAI inside SaaS and the developer frontier

Beyond high-profile chat interfaces, Anderson reminds us that embedded GenAI is quietly proliferating across enterprise SaaS. “Today we’re tracking over a thousand of what we consider generative AI applications within the SaaS category,” he states.

Many of these are rebranded foundational models, tuned for specific workflows — like Salesforce’s Agent Force. Monitoring and governing these shadow GenAI applications is becoming just as important as managing standalone tools.

Then comes the developer layer: API-driven GenAI integrations, model drift, and prompt injection attacks. To address these, Netskope is building innovations that act as gateways between developers and private model training environments, with a focus on governance, context protocol, and security controls.

“We think about model context, protocol, and how I’m interfacing with enterprise systems,” Anderson says. “How do I put governance and guardrails around those interactions as well?”

He is particularly bullish on agentic AI use cases — autonomous, intelligent systems that require both flexibility and structure.

“I have some really good agentic AI use cases that I want to deploy, and I want to make sure we have the right guardrails around those as well,” Anderson concludes.

CDO Magazine appreciates Mike Anderson for sharing his insights with our global community.