This week I spoke to a number of GigaOm analysts about how they see 2023. Costs are driving, and consolidation, better architectures and more and governance are following, they told me – while this will cause a wave of uncertainty, you can be taking steps now to get ahead. Let’s tune into what they said, and do get in touch if you have any thoughts.
Cloud cost management is driving strategy
To start, organizations are looking to get on top of IT costs, leading with this rather than assuming cloud architectures will automatically be better value. Says Enrico Signoretti, “Everyone is looking for cost savings and re-assessing their cloud strategy for this – looking at flexibility vs predictability, public Cloud vs on-premises. They’re thinking twice before pushing stuff in the Cloud just for the sake of it, and repatriating data when necessary.”
Agrees Iben Rodriguez, “Everyone is trying to tighten the belt, being more frugal, so budgets are more limited. Instead of just spending money on everything, we have to choose wisely.”
A term that has emerged over the past couple of years in response is FinOps. “This will become a greater focus in IT management to address budget management issues of Cloud spending that has gotten out of control with no accountability,” says Michael Delzer.
This is driving increased interest from vendors that only partially solve for this. “I’m really tired of companies that do some kind of financial management, that are now calling themselves FinOps companies, as they don’t have the first clue as to what FinOps actually is, and where it sits in the organization,” says Howard Holton.
One option is to outsource to managed service providers, thinks Paul Stringfellow: “In the UK and Europe in particular, we’re seeing a real shift towards people wanting managed security services, managed infrastructure.”
But outsourcing is one aspect of better cost management, which is a great deal to do with tooling, products and vendor solutions having got out of control. “Organizations have almost got too much technology, they like to simplify and consolidate,” continues Paul Stringfellow.
Agrees Don McVittie, “Consolidation is a trend I see across the board, including DevOps pipelines, as budgets tighten and organizations get more picky about what they are willing to pay for.”
As Lisa Erickson-Harris illustrates in Healthcare IT and Virtual Care, this makes for interesting times for vendors. “There’s consolidation across vendors, creating ‘the gorilla in the room’ handling virtual care solutions, targeting health insurance companies, as well as care providers. Profit growth has flattened out in these companies. You can see it in what’s happening in their stock movement.”
Consolidation and convergence are particularly in security and service management
Maybe counter-intuitively, we see a shift from single-provider cloud centricity to a multi-provider, manageable and orchestrate-able platform. “The goal should always have always been hybrid multi-cloud. The right app, the right workload, in the right place, at the right time, for the right output. The problem is, cloud vendors have done their best to make it complex,” says Howard.
At the same time, we’re seeing a convergence of infrastructure applications and services, says Kerstin Mende-Stief, “My big prediction is that ‘my’ space will no longer exist. Infrastructure services such as networking, computing power, cybersecurity, and storage will become one and can no longer be considered standalone. This is evidenced not only by the evolution of cyber insurance but also by platform developments of market-leading vendors. Against this background, my prediction for 2023 is the breakthrough of (decentralized) Web3 in enterprise IT services.”
So, where are we seeing particular attention? Specifically, security and service management – not least because of the fragmentation in existing tools. Says Ron, “Endpoint management, asset management, patch management and security have managed to get themselves wrapped around each other’s legs so badly, none of them can walk! Asset management and patch management are coming together, but, not with security management. That’s a big problem.”
And on the service management side, continues Ron, “There’s some consolidation starting to take place between the various observability tools – AIOps, APM, Cloud management, and lastly, FinOps itself. We have too many vendors in AIOps; APM is reasonable; for Cloud management we have scattering.”
As a result, it becomes hard for technology buyers, says Iben: “For example, with the consolidation of applications – do I give my money to my vulnerability system, which is also trying to do inventory and CMDB updates? Or should I focus on Service Now, or something else?”
This is exacerbated by the siloed nature of enterprise IT, says Ron. “We have security and the patch, or the fix, in two different groups. Security keeps living in this ivory tower and not communicating with others as well as they should. That’s true in every company I know of, over 1 billion dollars.”
In consequence of end-user consolidation, we are seeing security and service management vendors increasingly coming together. Illustrates Paul, “A theme that came out of the refresh of my Unified Endpoint Management Radar was the move to unified Endpoint Security, EDR and Endpoint Management. The route vendors were looking at was either to build their own, or to build better integration.”
Concurs Ron, “Patch Management is finally beginning to merge with Endpoint Management.” But, he continues, “The guys who are security, are doing more governance than they are security” – which brings to our next topic.
Governance is emerging from botha project and a compliance perspective
As industry pressures change, so vendors are looking to respond: illustrates, Don MacVittie, “Given the US Government’s direction to require Software Bill of Materials (SBoMs) for all contractors, there is a rush to get tools implemented in a variety of existing technology markets.” And we are seeing similar with data sovereignty – an issue that has kicked off in Europe and is going global: suddenly, everyone is inventing sovereignty.
In a rush to provide solutions, however, vendors can create more challenges, adding to the complexity. The result is to feed the need for tooling consolidation still further, with the dual goals of simplification and alignment with needs. Continues Don, “Customers do not need dozens of tools generating SBoMs! Consistency matters, and having many vendors in several spaces implementing SBoM generation gives users options but can cause confusion. Enterprises should choose one as “the source” and turn all other generation tools off.”
In some cases, tools are extending beyond their historical remit, for better or worse – for example IT service management tools being used for project management. Says Iben, “Tools such as ServiceNow are being used in some organizations for project tracking, and it’s so complicated!”
Not only that but the value proposition for enterprise tools is aimed at larger organizations and doesn’t fit the needs of smaller and medium businesses. Says Dana Hernandez, “I’ve completed some interesting projects on SLA terms. What you would use as a large enterprise, is very different as a SMB. The tools for the SMBs don’t look great when you put them next to some of the enterprise tools, but would be great for the SMBs.”
To flip the model, we are seeing historical project tracking vendors such as Atlassian emerge into the service management space. Explains Ron, “ITSM is focused on ITIL, which is the gold standard. ITIL 4 will become standard in ITSM next year. However, some groups need a lighter version of that, smaller systems that are easier to use and cost less – especially in the SMB market.”
Other areas are moving from lighter to heavier weight, for example we talked about the upper end of Value Stream Management merging in with project portfolio management, to give organizations an overall business dashboard. Says Dana, “Across reports, I am seeing a continued interest in Value Stream Management.”
Silo-ed security is a blocker to progress
As well as consolidation for cost reasons, organizations are faced with significant security and compliance challenges: “Security attacks are up 3000%, which is an insane amount,” says Howard.
Two specific areas are infrastructure security and API security. Says Enrico, “We’re expecting embedded security in infrastructure for example checking security posture of your storage: tools embedded in backup/other solutions to check if volumes are correctly configured, so you don’t have unassigned files, or the wrong group assignments, as well as having more features that can act quickly on potential threats.”
Meanwhile, says Michael, “The security gap in chaining API calls will become critical for some companies and it will only be detected after a major breach.” Concurs Howard, “This is the thing that I’m hearing most about, the thing organizations are most concerned about. What we’re seeing now is not malicious attacks, but unintentional attacks: valid API calls are returning unintentional results. As in, the developer does not intend for that data to ever be returned.”
Data architecture are maturing, taking the weight off data science
Turning our attention to data, much of our interest is in terms of how environments are maturing, notably from service providers, supporting applications more broadly. “Data as a Service will be the saving feature to allow companies to successfully modernize their applications. This will be seen as DataLakes, BoatHouses, and Data Brokers that leverage legacy storage repositories as well as newer solutions like cloud-based data warehouses. This will drive more interest in Intelligent Data Processing, and Workflow systems. The PaaS value proposition will compete with K8s as less skilled cloud and infrastructure staff will replace high-cost staffing, that in the past custom-built every data flow.”
Catalyzing this is the need to deliver data to AI models and machine learning algorithms. Says William McKnight, “Historically, the data scientist has done a lot of (what I call) data cultivation, because the internal data environments have not been ready. I think that’s going to shift next year – for example data lakes have matured a bit, that’s where most of the data is coming from for data science. In 2023, we’re going to see data scientists start doing more data science, rather than data cultivation. Architectures are going to be built, adopted, matured, and transformed, to fit machine learning, as it sinks into organizations.”
The use of AI links to new data types and sources, not least the use and management of synthetic data. “Data Scientists don’t have the data to promote to great machine learning algorithms today. A lot of it is pretty basic stuff: understanding different accents, reading faces, natural language processing and so on. There’s synthetic data now for all that, and I see a growing market there, which is going to drive further adoption of machine learning,” says William.
AI is becoming a business enabler
Speaking of AI more broadly, we are seeing ML and AI-based functionality across our reports now. Says Andrei, “I have put AI on pretty much every report over the last 12 months, so I feel that a lot of vendors are rushing to deploy AI in one form or another.”
This is particularly true for security tooling. “We’ve always known Security was behind – security was a bottleneck, security couldn’t get enough staff and so on. Vendors are trying to answer that by using AI to restrict what needs to be done by people. In 2023 I think we will see a lot of forward motion in that direction, using AI not as the solution, but to save man hours,” says Don.
Equally, AI is being applied to real-world use cases. “Some new ideas are trying to emulate empathy using AI in healthcare,” illustrates Lisa, and equally we have the current wave of text-based AI driven by OpenAI and ChatGPT. Says Howard, “If you go to writer groups right now, they are talking about it. It’s very good at middle school level (which is what most writers write at), and there’s concern that these tools are good enough to start replacing their jobs.”
Equally, AI has its challenges, says Ron Williams. “I asked ChatGPT to give me a simple definition of what it was like for the life of a certain person, and it was accurate, really good. And the question is, with the AIs that we have, are we going to focus on the biases that they have? We need to look at this.”
In response, Alan Rodger explains: “The ubiquity of AI brings the need to prove, at the business level of the organization and down in the tech area, for compliance purposes and corporate responsibility, that AI is being done right. This means best practice in building models, plus controls to govern AI during its operation, documenting how the software is making its decisions.”
Agrees Howard, “I’ve spent a lot of time with Canada, US and EU legislation, specifically around the ethical use of AI. A primary focus is explainability, which is important. But when a legislator says that word, they don’t mean what we mean; rather they mean reducing the capability of AI, to that of an Excel formula.”
Environmental, social and governance are increasing in priority
Another area of interest is sustainability, albeit conflated with energy cost reduction, says Andrei: “I’ve heard a lot of people talking about sustainability and then energy efficiency, packing them into one.” This is fair given the current pressures on energy markets, he continues. “Cooling is going to be impacted by rising energy costs, but then you have regional or authority rebates or energy-caps so pricing could be a bit funny over the next couple of years.”
Concurs Stelios Moschos, “I can see a big trend in GreenOps, and anything that relates to sustainability. A lot of ideas have been shared on this, on LinkedIn and at conferences. I think it will be massive now, and for the next couple of years at least – I have been seeing interest growing for clients.”
Given the cost aspects (plus the fact that much hyperscaler energy is ‘low carbon’), this goes back to balancing between cloud and in-house facilities, says Enrico: “In the short term, it could be easier for them to move to the cloud, just because their data center is old and not that efficient. In other cases, enterprises are making huge investments in things like solar panels thinking about repatriating because it’s quite efficient from a cost perspective.”
Social and governance aspects of ESG are also important. ESG is huge in Europe, it has been for a while. The US is now catching up, and doubling down. We’re seeing more and more conversations, more and more requests for this,” says Howard.
Lisa Erickson-Harris also reports increased interest in Diversity & Equity, relating to data collection and data governance. “For the last 2-3 years I’m seeing it everywhere in the non-profit sector and now in state government. Being to capture data around how well we’re addressing diversity is a challenge that has nuances and I think it will be dominant in 2023 and beyond.”
Closing thoughts on uncertainty
We close with a wrap-up thoughts from our CTO, Howard Holton. “Uncertainty is the word of 2023. No one is an expert of any of the emerging areas we are seeing. AI, what’s that going to do for me? Those that make money out of AI are going to tell you, it does everything and makes coffee, but how to get value out of it yourself? Nobody really knows what this is going to look like.”
So, all in all, a lot going on, but to get ahead, you can look for areas to turn uncertainty into certainty, not least around costs and governance. By adding (looking how to build) a picture of each to your strategy, you will be in a stronger position than otherwise, and doing nothing will not be an option.