I was recently invited to join the panel for a NetEvents Inter@ctive CxO round table discussion Global Enterprise Customer Insights: An Analysis of 2021 IT Investment Priorities. The other panel members were:
The session was chaired by Jeremiah Caron, GlobalData’s Global Head of Research & Analysis -Technology Group.
Caron began with a presentation of GlobalData’s latest survey of over 200,000 enterprise IT budget holders worldwide which shows that – despite vaccinations and greater public education – over 50% of those surveyed still feel very concerned about the spread of COVID-19: “It’s still very much top of mind and does have an impact on IT investment decisions.” The peak of this concern was over 75% at the beginning of April 2020, and the lowest point was around 40% at the beginning of March 2021, but between these dates the level of concern fluctuated wildly with each pandemic news story. More telling, data came in to answer to the question: “How optimistic are you about your company’s growth prospects?”.
“In March 2020 optimism and pessimism were close around the 40% mark, and it was a good measure of business resilience and adaptability that saw optimism rise to over 60% by June while pessimism sank to around 25% – and there have been fluctuations but little overall change since then.”
COVID-19 coexistence provided the context, but not the content of the discussion, which moved on to the current investment drivers: Multi-Cloud Evolution, Edge Computing Advances, Cybersecurity Everywhere, AI-informed Innovation, SD-WAN/ Branch Evolution and 5G Monetisation. Of these, the discussion focused particularly on three topics: multi-cloud evolution, cybercrime and AI.
Multi-cloud adoption accelerated in 2020 and continued into 2021 as a response to the pressures of adapting business models and processes to the pandemic environment. There are still companies who prefer a single cloud environment for its relative simplicity and manageability, but the multi-cloud trend is here for at least 4-5 years according to Caron.
It was Seth Dobrin from IBM who said, “We need to make sure that people understand that there’s a huge difference between multi cloud and hybrid cloud. You’ve been able to do multi cloud for a while now, which is where you have different environments acting independently of each other, whereas hybrid cloud is how do we integrate seamlessly across all the different clouds? He also suggested that “Multi-cloud is much easier, hybrid cloud is much harder.”
A good point. In fact, I would suggest that “hybrid” is a key word for “the next normal”. (It really makes little sense to be still talking about “the new normal” when things are evolving so fast.) Caron himself admitted that all the 3 topics he suggested were in fact closely inter-related. For the word “hybrid” does not only apply to the cloud, but also increasingly to the way we will work.
“For years people have recognised the economies of scale, and how much more efficient it can be to concentrate an organisation into a large headquarters where everyone can be closely linked with shared facilities.”
Of course, there are exceptions such as retail that depends on a scattering of branches, but even there, the move to create hypermarkets rather than multiple corner shops. This mindset survived even though the technologies of high-speed networking, IP telephony and video conferencing were actually reducing the need to be under one roof. Where there were outlying offices or workers, the solution would be to connect back to the central database via MPLS. Then came COVID and the need to work from home, and suddenly these technologies became vital, as the workforce migrated to the edge. To link every remote worker to the data center via MPLS would be prohibitively expensive and inefficient. Local broadband was the immediate solution.
Something similar was already happening to data processing. Cloud services need to be very responsive if they are to replace software inside the PC, and that requires more local data centers to reduce latency. The same applies to streaming services and gaming if customers are to be kept happy. A further factor is the spread of IoT- the Internet of Things – where massive amounts of data harvested in the field would risk flooding networks with excessive traffic, unless the data is processed and distilled to useful information close to its source.
As GlobalData also highlights: “Cloud-native application development relying on virtualised and containerised software presents telecom, technology, and IT service providers with a huge opportunity to help their customers reinvent their own business operations thanks to more flexible, scalable, and manageable deployment options”.
So “the edge” is expanding and filling like a balloon. Indeed, Amir Khan suggested that “the cloud is the new edge” which makes sense in terms of the fact that every local data center and home worker can be part of a cloud. Dobrin too suggested that in the future “everything will be treated as an edge”. This ubiquitous cloud will itself be a highly “hybrid” mix of entities, processes and services – and that presents a huge challenge for security.
When GlobalData asked “Will your organisation change its investment in the following 12 months compared to last year?” nearly 50% said they would be spending more on cybersecurity – more than on any other form of digital transformation.
With so much moving towards an expanded edge, the surface area for attack increases dramatically. We no longer have simply defined perimeters like “the corporate network” when wireless networking expands the boundary, and home workers need the same level of access as they enjoyed at the office. Cyberattacks are now so common that it is no longer a question of “if” but “when” an organisation will be breached. When breached, on priority is the speed at which the business can mitigate the incident and return to work.
So, businesses are no longer looking for individual security solutions, instead they want an ecology of security solutions working together to help prevent, detect, respond, and recover from security attacks and breaches. As mentioned, the old security of private MPLS links is too inflexible and expensive, while the domestic security of a home network is not enough for critical business operations. It is not enough to simply remember a password – what is needed is “zero trust” security where access can be tailored to an optimal and practical blend of criteria which can include the individual, or a location, or a device, or certain applications and levels of access according to the company’s carefully thought-out security policy.
According to Chris Bedi, cybersecurity should not be looked as one more added burden, but as a “strategy enabler”. A well designed zero trust policy should make it easier to stay secure by limiting options rather than adding more layers of defense. If that policy is clearly designed around the company’s needs it becomes a strategy enabler. As Bedi said: “The narrative around cyber needs to change from solely risk mitigation… to being an enabler of the company’s go-forward business strategies.”
One of the long-standing laws of security has always been “keep it simple”.
“Over-complex procedures and technologies are a headache, and human nature will bypass them when under stress to deliver results.”
So how does this apply to today’s need for an elaborate ecosystem of security, defense and recovery solutions? The answer lies in Artificial Intelligence and Machine Learning – improving cyber defense by more accurately telling the difference between harmless anomalies and serious threats.
“Keep it simple” is a realistic recognition of human weakness: we are not too good at maintaining vigilance on boring, repetitive situations such as checking every little operation for anomalies. We are far better at being creative and responsive. Happily, machines are much better at the former (and some people believe they might become better at the latter too). For now, that means that it is not the simplicity of the security solutions that is important so much as the clarity of the interface – and Machine Learning can do a lot of the work by recognising what is a serious breach and not wasting time with false alarms.
Nor is security the only problem area. An ever-expanding edge throws up a lot of issues about privacy and conformance – just the sort of issue that can dazzle busy humans with legal complexity, but which lend themselves to the algorithms of AI. This is another example where security can become a strategy enabler, by forewarning of possible data leaks or boundaries being crossed.
This is not yet a simple solution, according to Dobrin: “There’s ways to infer things from models – so how do you protect your models from releasing information? How do you make sure that your models are trained in a way that prevents people from poisoning the data pool? Then how do you make sure your models are trained in a way that doesn’t surface private information?” He pointed to the acceleration of AI in response to COVID-19 as an example of how well it works when driven by use-cases rather than curiosity. He called for a human-centered approach where Chris Bedi said it was vital to understand the user and what outcome was actually desired.
The move should not be to add further layers of complexity for the user, but to integrate security and networking into a single service. To offer self-driven network automation of a sort, better served by machine learning and a solution that can extend right out to the edge.
A service that reduces the need for workers to be forever looking over their shoulders for threats, allowing more time for focusing on objectives. Or, as Amir Khan suggested, when people used to talk about the work/life balance, we have now moved to “life balance”.
To find out more…
These are only a few impressions of mine from a longer in-depth discussion. I recommend listening to the full discussion available for free here. The full downloadable transcript of the discussion and GlobalData’s presentation slides are also available on the NetEvents website.