It’s been over a month since I attended the Gartner IT Symposium/Xpo in Orlando and I’ve spent that time really chewing on some of the great sessions and thought leadership presented at the show. Modern IT practices remain a moving target so plugging into the analyst machine every once in a while helps me get a bigger picture beyond even our day to day at Green House Data (which can be pretty diverse itself, with big pushes on DevOps and digital transformation while we balance our existing data center, cloud, and managed services pillars).
It was interesting hearing Gartner start to shift their message from “cloud is the only option” to “cloud is an option.” As cloud adoption strategies have matured we have seen this attitude shift as well, with more organizations looking multi-cloud while maintaining some on-prem systems. One presentation on public cloud costs compared to on-prem data centers really helped drive this home. The bottom line is that the cloud is not automatically cheaper or even necessarily more efficient depending on the application or purpose of the deployment.
Other major topics included how to find digital talent, as the management of human capital and IT teams continues to evolve alongside the industry, as well as one of my favorite presentations, “Are You Maximizing Your Security Operations Center,” which had a ton of great information around security.
With the symposium still fresh in mind, here is my list of where enterprise IT operations are heading in 2020 and beyond.
The quest for analytics-informed decisions can be a difficult one. I like to boil this down as, “What do I need to know? Who needs to know it? Have I told them yet?”
But there are many other questions that go into BI. Which metrics are important to measure? How often should I report? What tools do I need? And maybe most difficult – what data do I collect, and how do I find data to compare myself to the market?
Many organizations are working through those questions to lead the charge into analytics-based decision making. Within the IT realm this is becoming more and more important as we spend on a wide array of services and attempt to modernize and automate. We must determine which initiatives are delivering business value and back it up with metrics.
This goes hand in hand with becoming more data driven and the popular buzzwords “continuous improvement.” The only way to constantly iterate and improve upon your processes, human capital, and technology is to be continuously reviewing, benchmarking, and adjusting your strategy accordingly.
We’re far past the time where you could buy a few servers and run them for 5+ years with the same software stack. Disruptive tech is released regularly. IT leadership must evaluate how it fits into their strategy moving forward to ultimately help the organization become more productive by supporting real business outcomes.
That brings me to my next trend, which is the evaluation, testing, and deployment of disruptive technologies like serverless computing, Infrastructure as Code, or automated deployment and management of IT resources. These involve huge changes to the way we roll out and manage infrastructure and applications, but even relatively more benign tech can cause disruption, like the introduction of a multi-cloud management tool or redesigning a legacy application to run in the cloud.
A strong CIO or CTO is constantly exploring new technologies that could be useful within the organization. A lab environment is easier than ever to configure in the cloud. Are you experimenting enough?
Let’s face it. We’re all relying on a multitude of hosted services. With key business activities hinging on access to PaaS and SaaS, connectivity has become even more vital. Your networks must work flawlessly to avoid user disruption or even worse, downtime for critical systems that process transactions or handle logistics, databases, resource management, and other functions that can completely ground your operations and hurt your bottom line or reputation.
Data transit costs can be high – how are you moving information to and from hosted platforms? Latency between services might have a ripple effect. Do you need direct cloud connect? Tech leadership needs to have a strong, long-term strategy around connectivity beyond reliable networks. Don’t plan for your current usage, but what you anticipate a few years down the road.
As we have already established, there are a multitude of cloud services in use at most enterprises. Creating an overarching multi-cloud strategy is vital to avoid sprawling consumption that spikes your spending and brings significant compliance and security headaches as well.
You need individuals and perhaps even teams who are responsible for auditing, controlling, and reporting on cloud usage according to your established guiding protocols around cloud use. You should have standardized architecture and security rules for all cloud services along with mandatory request and approval processes for SaaS to help guide visibility and strategy across the organization.
Inventory management has always been a bit of a headache especially at large enterprise organizations, where the device count can easily range in the tens of thousands. Now you can add in multi-cloud deployments with thousands more digital infrastructure resources across various providers on top of your physical devices.
Automated tools for HDIM (which is Gartner’s term for managing digital infrastructure, AKA hosted VMs, containers, and other components of your cloud stack) are emerging to make it easier to track, manage, and analyze your overall inventory. Visualizing the workflow using these tools helps ID which areas of inventory can be consolidated or decommissioned, especially if paired with a committee or center of excellence which is charged with digital resource management and efficiency. While HDIM is still developing, we’ll be keeping a close eye on the market in the next couple of years.
Somehow we’ve made it to number seven on this list with hardly a mention of infosec. Looking forward, we expect to see CARTA principles (Continuous Adaptive Risk and Trust Assessment) replacing the “set it and forget it” or binary decision making around security tools and processes. In the modern IT environment, security requirements are constantly shifting. For example, we generally might use a series of “yes / no” questions to determine access to sensitive apps or data. This is usually defined in your AD or other persona management. Does this user have permissions? And so forth.
CARTA instead uses a dynamic evaluation of risk and trust that is based on the exact current scenario, evaluating contextual factors like time of access, location, and previous behavior to determine if access should be granted. While it requires additional tools and a holistic view of roles and privileges, it promises to offer a dynamic approach to security that can not only offer stronger controls but also more user flexibility.
This automated and analytical approach to security will also push Security Operations Centers to implement Security Orchestration, Automation, and Response (SOAR) and threat intelligence platforms (TIPs) rather than relying on traditional Security Information and Event Management. Most SIEM platforms rely on alerts and human action for resolution with limited automated features.
These evolving SOAR and TIP solutions collect and automate security information from across your IT stack and user devices. With that data in hand, they can automate responses to potential infosec flags, making it much easier to reduce incident response times and facilitate threat location, alert triage, management and quarantine of vulnerable or compromised systems, and digital forensics. They can even help curtail social engineering attacks like phishing.
An ongoing trend has been increasing influence of CTOs and CIOs on overall business strategy and leadership. No longer focusing solely on technical acumen and the nuts and bolts of daily IT operations, c-level IT staff are instead expected to determine how technology can help deliver on key business initiatives and goals. In 2020 and beyond, I expect this to continue, as various VPs and division heads take on the mantle of technology management and evaluation and CIOs and CTOs report directly to the CEO, rather than folding up under finance or other departments.
Using business acumen to make IT decisions isn’t an entirely new concept, but it has become increasingly important. Operational leadership, IT leadership, and entrepreneurial spirit are all required in order to drive innovation, deliver on strategy, develop talent, modernize the enterprise, and operate a tight IT model.
On the subject of talent development, tech leaders are always looking for more qualified workers. One essential component is internal training and development, rather than hiring from outside your existing talent pool. By modeling an internal talent marketplace on the gig economy and other agile talent acquisition methods, you can source available talent from within the organization and avoid changes to employment categories. They also help implement tracking and documentation of skills and competencies so you have a better overall handle on your available resources, sometimes referred to as skill-mapping.
The general idea is to take the overall pool of available staff within your organization and match them to short-term projects and opportunities, some of which may be outside their department or daily purview. This cross-pollination and boundary-expanding experiential work placement has the potential to foster innovation by bringing fresh ideas and talent into new corners of the organization.
Every organization has different strengths, weaknesses, strategies, and requirements when it comes to approaching IT leadership and strategy. But at least one of the above trends, if not several, will likely have some impact on your IT operations in the next 12 months. Others, such as the internal talent marketplace, are somewhat new concepts that we may not see take hold for some time yet, but still bear consideration as we look to keep innovating, gaining efficiencies, and delivering business value through the power of technology.