Cloud migration. Reverse cloud migration. Cybersecurity. Risk and governance.
These issues faced by organizations in 2023 will be exacerbated in 2024, yet emergent technologies will help solve or mitigate them.
ITOps Times reached out to experts in the I&O space to get their thoughts on what 2024 will look like for IT professionals. Here are their thoughts.
Matt Waxman, SVP and GM for data protection, Veritas Technologies
For every organization that makes the jump to the cloud, another will develop an on-premises datacenter as hybrid cloud equilibrium sets in. The percentage of data stored in the cloud versus on-premises has steadily grown to the point where it is estimated that 57% of data is now stored in the cloud with 43% on-premises. That growth has come from both mature companies with on-premises foundations making the jump to the cloud, and newer companies building their infrastructure in the cloud from the ground up. But both categories of organizations are learning that, for all its benefits, the cloud is not ideally suited for all applications and data. This is leading many companies that made the jump to the cloud to partially repatriate their data and cloud-native companies to supplement their cloud infrastructure with on-premises computing and storage resources. As a result, in 2024, we’ll see hybrid cloud equilibrium—for every organization that makes the move to the cloud, another will build an on-premises datacenter.
Michael Crook, Market Development Manager – Data Centers, Corning Optical Communications
The rise of multi-tenant data center spaces. Hyperscale operators design and build the largest data center campuses. But with the increasing power and land requirements necessary to support AI, ML, and other emerging applications, hyperscalers and others may need to look at alternative methods to build facilities even if it’s just for a single purpose, like an AI network.
Bernd Greifeneder, Chief Technology Officer and Founder, Dynatrace
SIEM will become irrelevant as security teams turn to intelligent threat analysis. In 2024, next-generation threat intelligence and analytics solutions will phase out security information and event management (SIEM) systems. These modern solutions enable security teams to extend capabilities beyond log analytics to access the context provided by a broader range of data modalities and different types of AI, including generative, causal, and predictive techniques, working together. As a result, organizations will gain access to deeper and more accurate, intelligent, and automated threat analysis, helping to protect their applications and data from increasingly sophisticated threats.
Mark Troller, CIO, Tangoe
Urgency in Technology Cost Governance. There will be a critical need for immediate attention to technology cost governance in the face of escalating cloud expenditures and a constant demand for digital innovation in 2024. Failure to control tech spending may lead to budget drains or losing ground to competitors who leverage IT waste for digital transformation. As innovation spreads, the growing complexity of controlling costs with technologies like Generative AI, SD-WAN, SASE, and IoT devices will rise, with emphasis on the necessity for visibility, centralized management, and AI-driven solutions. With this, we’ll see the emergence of Chief Cost Management Officers and enhanced collaboration between CFOs and CIOs to navigate the complexities of GenAI and cloud infrastructure. The integration of IT and finance departments will be crucial for balancing digital initiatives with budget performance.
Andrew Moloney, Chief Strategy Officer, SoftIron
Geopolitical Impact on IT. Geopolitical instability is expected to persist in 2024, prompting nation-states to focus on boosting their sovereign resilience. This includes investments in sovereign clouds, tactical edge capabilities, and protection against state-sponsored cyberattacks on critical infrastructure. Further, Investments in hardware innovation will become more commonplace, driven by AI and processing power requirements. This will reinvigorate interest in “hard tech” and hardware-related startups, disrupting traditional IT infrastructure design.
Joshua Bartolomie, Vice President of Global Threat Services, Cofense
Organizations will shift to focusing on what they don’t know about their cybersecurity risks, leaning on threat intelligence more than ever. As threats continue to mount due to global conflict and economic pressure, organizations will pivot to analyzing what they don’t know about their cybersecurity risks rather than making assumptions and move past “check the box” strategies. To do this, organizations will need to lean on threat hunters and threat intelligence to find out what should be a focus in their cybersecurity strategies. Threat hunters are like house inspectors who come in and poke at the walls and the foundation to find things that need to be fixed. Good, actionable threat intelligence will help organizations quantify their risk, give context into how threats are delivered and allow security teams to make informed decisions to stay ahead of threats.
Risk, Compliance, and Security Functional Convergence. Organizations are becoming increasingly aware of the duplication and added cost of treating compliance, risk, and security as separate and distinct functional areas. As regulatory pressure drives further compliance complexity, while competitive pressures demand agility, enterprise leaders look to security, risk, and compliance to take a more proactive posture that enables smarter, risk-aware strategic business decisions. As compliance takes center stage as the primary means of asserting and validating security and risk posture and communicating trust, compliance agility, readiness, and integrity will be seen as critical capabilities, eventually becoming matters of competitive advantage, especially in regulated industries and sectors heavily involved in government contracting activities.
Jim Broome, President and CTO, DirectDefense
SSO gets scrutinized: Gone are the days of “one password to rule them all!” While single sign-on (SSO) is a great way to streamline logins for employees, it’s also a great way to hand over widespread access to an attacker. When SSO is abused, attackers will log into multiple accounts and databases at the same time, so a company is unable to fix everything all at once and ends up scrambling to identify, respond, and remediate as fast as possible. Next year we’ll see more defenses for SSO – organizations should disallow SSO for operationally critical applications like security and network infrastructure applications.
Ryan Maltzen, Cybersecurity Architect, Fortra
Generative AI-based technologies and other similar technologies will make a broader splash into the various cybercrime markets. With Deep Fakes and other identify-falsification methods on the rise (and with reduced complexity) we will start seeing these used more frequently in mainstream phishing-style attacks, in cyberbullying, extortion, and for other purposes. The need to be able to properly identify and attribute these falsified creations will be a hot topic and should gain a large amount of focus as the malicious uses rise in quantity and quality.
Why the fall of AIOps is the triumph of LLMs. Expect to see more companies reach a breaking point with AIOps and shift their focus towards the potential of LLMs. While AIOps was a laudable concept when introduced, in practice it has failed to live up to its promise. Modern developer teams have come to hate the APM model of a “pretty picture” produced by a proprietary agent because it leaves no way to drill down to actual underlying data. The idea that you could train a model on data emitted by apps, that change everyday, is nothing more than a pipe dream. That is why every APM vendor was forced to partner with a logging vendor, because the logs actually tell developer teams the full situation. Large Language Models (LLMs) appear to be a far more promising alternative because they attack the problem differently and help users make more intelligent decisions. Companies are waking up to this fact but many more will begin to act on it in the new year.”
The use of biometrics in place of passwords will significantly change the risk landscape.
As organizations quickly adopt technologies like Okta Fastpass, which uses biometrics for authentication instead of passwords, the way in which bad actors operate will change. We expect an increase in two areas: breaches caused by social engineering (already on the rise), and breaches caused by Insiders (already over 40% of all breaches). Insiders who have legitimate access to source code, sales forecasts and contacts, and HR data continue to take data from organizations when they depart for competitors or start their own companies. As we reduce the ability of hackers to access our data using weak passwords, the focus on solving the insider problem will become more pronounced.
Bala Kumar, CPO, Jumio
The number of ‘influencer bots’ on social media will exceed the number of real human accounts. Nearly half of internet traffic is now bots — alarming, considering this is almost equivalent to the amount of human-operated internet traffic. And while catfishing has been around for a while, bot-operated social media accounts bring a new meaning to the word. Many social media users have already come across social media accounts that are entirely bot-operated, posing as influencers with seemingly realistic posts and comments. It’s becoming increasingly difficult for social media users to discern real accounts from fake ones. On the other hand, businesses are also paying these ‘influencers’ to promote their products without even knowing they are fraudulent. The onus will be on social media platforms to deploy identity verification tools with advanced liveness detection technologies to identify bot-operated accounts.
Brian Pontarelli, founder and CEO, FusionAuth
Demand for a better registration process will be on the rise. As digital interactions increase, companies face the challenge of orchestrating secure yet seamless registration workflows. In 2024, registration will continue to be a key component within customer identity access management (CIAM). However, consumers and companies alike will expect more from the registration process. Over the next year, vendors will be urged to address complex registration workflows like Know Your Customer (KYC) protocols and seamless third-party integrations. These upgraded registration processes will have immense benefit for users, allowing them to experience less UX friction, more transparency with federal legislation such as HIPAA, GDPR and CCPA and more self-service options, among others. And as new regulations come into play and digital services expand — especially in key industries such as finance, e-commerce, healthcare, real estate and cryptocurrency — KYC vendors will play an even bigger role in CIAM to verify identities, monitor transactions and ensure compliance in the coming year.