At the Gartner IT Symposium/Xpo 2024, a critical focus was the architectural shift required for effective AI integration. Two concepts—the tech sandwich and TRISM technologies—were highlighted as essential tools for CIOs to manage AI’s growing presence in the enterprise.
These ideas present a new way of thinking about technology stacks and security as AI continues to evolve and permeate every layer of business operations.
The Tech Sandwich: A New Framework for AI Integration
In the traditional IT world, organizations have relied on tech stacks—linear, hierarchical systems where one layer of technology supports the next, from infrastructure to data and applications. However, the nature of AI, especially Generative AI (Gen AI), disrupts this traditional model.
AI and data are no longer neatly organized, coming from decentralized, often unstructured, sources. To reflect this, Gartner introduced the concept of the tech sandwich as a more dynamic and flexible architecture suited for the AI-driven enterprise.
What is the Tech Sandwich?
The tech sandwich represents the idea that, in the era of AI, technology and data layers are not strictly vertical but layered horizontally, with elements both at the top (decentralized AI and data) and at the bottom (centralized IT systems). Think of it as a more fluid, interconnected structure—like a sandwich—where various parts of the business, not just IT, are contributing AI technologies and generating data.
Key components of the tech sandwich include:
1. AI Everywhere: AI capabilities are embedded in existing applications, such as enterprise resource planning (ERP) and customer relationship management (CRM) systems. In fact, by 2026, Gartner predicts that over 80% of enterprise software will have AI components.
This means AI is not isolated in one place but spread across various departments and tools.
2. Data Coming from Everywhere: Data, particularly unstructured data (emails, call recordings, PDFs, etc.), is generated from all corners of the organization. To utilize this effectively, AI needs to operate on messy, decentralized datasets. Instead of pulling all data into a centralized repository, AI can now work directly with the data where it resides, interpreting and using it without requiring traditional cleaning and structuring.
3. Packaged, Embedded, and BYO AI: The tech sandwich includes Packaged AI (from external vendors), Embedded AI (built into existing software), and Bring Your Own AI (BYO AI) (adopted by individual departments, often without IT’s direct oversight). This decentralized adoption creates a mix of AI technologies, all layered together in a sandwich-like structure.
This layered approach helps CIOs manage the complexities of AI integration, ensuring they’re not locked into rigid tech stacks, but instead able to respond to the varied needs and capabilities of different departments.

In this model, AI can “go to the data” instead of the traditional method of centralizing data for AI.
This flexibility makes it easier to manage the expanding array of AI tools and datasets, but it also introduces challenges in terms of control and trust.
TRiSM Technologies: Ensuring Trust in the AI Era
While the tech sandwich offers flexibility and innovation, it also brings risks, especially in areas like data security, compliance, and AI trustworthiness.
This is where TRiSM technologies come into play.
TRISM stands for Trust, Risk, and Security Management—a new class of technologies designed to enforce governance, monitor risks, and ensure the security of AI systems across the enterprise.
The Need for TRISM Technologies
As AI adoption accelerates, so do its risks.
From privacy violations to AI “hallucinations” (where AI generates incorrect or nonsensical outputs), ensuring safe and reliable AI use is paramount. According to Gartner, 29% of organizations reported AI-related privacy or security incidents in 2023. Additionally, the costs of AI, particularly Gen AI, are unpredictable, and mismanagement can lead to massive financial and security risks.
CIOs can no longer rely solely on human oversight, governance committees, or traditional risk management frameworks.
As the number of AI systems grows, real-time, automated enforcement of trust policies is essential. TRiSM technologies are designed to scale AI governance in ways that manual processes cannot, providing continuous monitoring and enforcement of security, privacy, and ethical standards.
Key Components of TRiSM Technologies
1. Guardian Agents: These automated agents act as gatekeepers, ensuring that AI systems are following the rules set by the organization. For example, they can monitor AI outputs in real time, flagging inappropriate responses (like hallucinations) or violations of data privacy policies. In some cases, these agents can prevent sensitive data from being exposed or ensure that AI-generated content is accurate and aligned with corporate guidelines.
2. Real-Time Monitoring: TRiSM technologies enable continuous monitoring of AI activities, unlike traditional governance systems that might rely on periodic reviews. This is crucial because AI systems, especially those using real-time data, require instant oversight to prevent costly or damaging outcomes.
3. Compliance Enforcement: As AI systems pull from various datasets—often without centralized control—ensuring that compliance policies are followed becomes a major challenge. TRiSM tools ensure that AI models respect data privacy laws (like GDPR) and internal security protocols, automatically enforcing access rights and permissions.
4. Output Filters: One specific example mentioned during the keynote was a TRiSM output filter that prevented inappropriate AI responses, such as when an AI model suggested eating rocks based on an erroneous data source. These filters ensure that AI-generated content is not only accurate but also adheres to ethical guidelines and company standards.
Implementing TRiSM in an AI-Driven World
TRiSM technologies are essential for AI-accelerated organizations—those with more than 10 AI initiatives and high ambitions for leveraging AI to transform their business. For these companies, traditional governance structures can’t scale fast enough to keep up with the pace of AI adoption. By using TRiSM technologies, CIOs can ensure that their AI systems remain secure, compliant, and trustworthy, even as AI becomes more integrated into day-to-day operations.
For organizations operating at a steady AI pace, TRiSM is still valuable but may not need to be as comprehensive. Governance and security practices can rely more on human oversight and smaller-scale automation.
However, as AI initiatives grow, TRiSM will become indispensable for scaling governance effectively.
The Wrap
The combination of the tech sandwich and TRiSM technologies offers CIOs a roadmap for successfully integrating AI into their organizations. The tech sandwich framework provides the flexibility to manage a wide array of AI tools and datasets, while TRiSM technologies ensure that this complexity is governed securely and responsibly.
By building a tech sandwich tailored to their needs—whether relying on embedded AI, packaged solutions, or in-house developments — CIOs can maintain control over a rapidly expanding AI ecosystem. Meanwhile, TRISM technologies provide the safeguards needed to manage the risks of AI, ensuring that these systems are trustworthy, secure, and compliant with both internal and external standards.
As AI continues to evolve and become more integral to enterprise systems, understanding and implementing these concepts will be key for technology leaders looking to navigate the dual AI races of innovation and outcomes safely and effectively.