
Key Points
- While leaders see AI governance as a compliance roadblock that slows innovation down, complex legacy systems and fragmented global regulations create significant business risks.
- Aaron Weller, the Privacy Innovation & Assurance Center of Excellence Leader at HP, explained why AI governance is a strategic function that uses financial incentives to align teams on key priorities.
- With financial arguments to drive modernization, flexible architecture for global compliance, and AI for defensive tasks, leaders can focus on solving bigger problems and building more trust.

Most leaders see AI governance as a roadblock—a compliance chore that slows innovation. But now, a new approach is gaining traction, one that reframes governance as a strategic tool for resource allocation. By eliminating redundant efforts, a more porous form of AI governance can help organizations focus on projects that truly differentiate the business.
For an expert's take, we spoke with Aaron Weller, the Privacy Innovation & Assurance Center of Excellence Leader at HP. Having co-founded two startups, led the West Region privacy practice at PwC, guided compliance strategy at tech giants like eBay, and served as both a Chief Information Security Officer and a Chief Privacy Officer, Weller has seen the governance problem from almost every angle. Today, his philosophy reflects a growing reality for many CIOs: the most effective governance functions align finance, IT, and risk teams around shared incentives rather than top-down rules.
"To accelerate innovation, leaders must make their organizations' boundaries porous. Let ideas out, and let ideas in," Weller said. It's a mindset that encourages leaders to look beyond internal checklists and toward external opportunities, he explained. That doesn't mean abandoning security. But it does mean managing risk intelligently.
For Weller, the key is creating controlled "sandbox" environments. Here, teams can experiment with new technologies without connecting them to the main corporate network. "One of the major roles of governance is the resource allocation side, asking, 'Are these the number one things we should be doing in line with our strategy?' Not duplicating 50 different chatbots." Meanwhile, a too-narrow focus on strategic allocation often clashes with the realities of legacy architecture, he cautioned.
Complexity's culprits: Somewhere in the backroom of almost every bank, a mainframe is still running transactions, Weller continued. Today, that tangle of old systems hurts the enterprise in two ways: "Complexity is the enemy of security. The more complex it is, the harder it is to secure. But it's also often the enemy of cost control."
The financial lever: One effective way to drive change is by reframing the conversation around its financial imperatives, he explained. "I asked, 'Have we tried talking to finance about just how much this is costing us?' That's the conversation we're going to have—not so much that we need to change it for technology reasons, but more for cost ones."
The effects of this strategic mindset are most palpable when they translate directly into Weller's daily decisions. When a team questioned adding a country-capture field to a form, for instance, he didn’t frame it as a compliance mandate. Instead, he made a business case, demonstrating how a small, proactive design choice aligned with both the financial and architectural principles he champions: "Adding that one field could save us a million dollars down the track if we keep getting requests we don't have to comply with."
Boring but important: Before implementing any modular framework, however, leaders must first master the fundamentals. Strategy is useless without execution, Weller continued. For him, execution begins with answering a deceptively simple question about the corporate environment: "How many databases does it have? How do you know that you've encrypted all of them? That's the piece that's really tricky because that's the stuff that's boring but important."
Fortunately, the same technology that creates these governance challenges also offers the solution, Weller said. Now that automation can handle most of the asset-management work that traditionally drains human resources, the future of compliance is in using AI for defensive purposes. "It's those kinds of things that allow us to take our limited governance resources and actually focus on the stuff that's important and not the busy work," he said.
Both technology and strategy are only effective when built on a human foundation of trust, Weller concluded. In response to this new reality, the modern governance leader must act as an internal connector, solving problems for other teams, he said. "If you're going to be successful in this kind of role, a lot of it's just listening to what people are doing and listening to their pain points. If we address the pain points and we get more compliant at the same time, you've got someone that will actually call you next time something comes up."





