What the Emerging Transformation Trends of 2023 Mean for Enterprises
From skills to sustainability, Contino's Practice Leads look at how businesses can harness the latest technology trends.
We’re well into 2023, but the future remains uncertain. As the threat of a global recession still looms and ever-more sophisticated cyber attacks have the power to impact not only businesses but supply chains, Denham Pinder, Managing Director of Contino APAC, warns of the risks of reducing IT spend.
2023 appears to be the year for heightened responsibility across security, sustainability and data. Just as our greenhouse gas (GHG) footprints are no longer solely the responsibility of our cloud providers, we also need to be more aware of the security of our vendors and to take extra steps to ensure we’re not only tick-box compliant but completely protected.
Resilience might be the name of the game for many, but how much room is there for experimentation that allows businesses to harness the range of exciting new technologies that could give them a competitive edge?
In this blog, our Practice Leads draw on their wealth of expertise to reflect on the emerging trends that they’ve already started to notice this year, and what these mean for businesses. As well as the hot topics of data and AI & ML, they discuss the IT mainstays of security and workforce skills, and why 2023 will see a rise in cloud sustainability strategies and serverless architectures.
Read on to learn more about the key themes that enterprises might want to consider as they continue to look to scale in an unpredictable economic, social and environmental climate, while remaining ready for whatever’s around the corner.
Security
Security impacts all aspects of digital transformation and it might look a little different depending on your cloud service provider (CSP). As security threats and attacks become more sophisticated, so too must our defences. Marcus Maxwell, Contino’s Security Practice Lead, believes enterprises should be paying attention to four key areas: software supply chain security; zero trust; Software-as-a-Service (SaaS) vendor standards, and secure by default.
Software supply chain security
Since the 2020 breach of SolarWinds and the attacks that followed, along with the multiple approaches of typosquatting or takeover of open-source packages hosted on public package registries including researcher Alex Birson’s novel software supply chain attack, software supply chain security remains one of the fastest-growing areas in enterprise security.
For teams wanting the lowest hanging fruit that helps them understand what’s inside the packages they run, they’d be well-advised to adopt a software bill of materials (SBOM); additional metadata (such as how the package was built and by whom) can be provided through frameworks such as Supply-chain Levels for Software Artefacts (SLSA), which helps us understand if we can trust the packages we run in our environments.
Zero trust
Zero trust is a wide area, and in 2023 we’ll primarily see the adoption of two things: VPN-less access to cloud resources, and device posture verification. Regarding the former, cloud vendor solutions such as Google Cloud Identity-Aware Proxy, AWS Verified Access and Microsoft Defender for Cloud Apps are demonstrating a lot more maturity in this space, and we can also expect an uplift in adoption of cloud agnostic solutions such as HashiCorp Boundary, particularly in the case of multi-cloud.
As for device security, it’s no surprise, given most phishing attackers can steal users’ multi-factor authentication (MFA) codes, that we’re seeing a move towards device posture verification and tools such as Azure-AD conditional access, as well as the increased adoption of universal second factor (U2F) over traditional one-time password (OTP) MFA.
Higher security standards from SaaS vendors
With the number of attacks on SaaS vendors rising each year and the serious and widespread consequences this can have, expect to see a lot more scrutiny and transparency, to the point that enterprises have a greater duty than ever to understand how robust their vendors are.
This will go beyond the current status quo of providing a simple audit log of who logged in when, and will include the full visibility of security logs so that organisations can carry out in-depth investigations. SaaS vendors have to be the first ones to adopt software supply chain security practices, and we’ll likely see more companies asking to see a SaaS vendor’s software bill of materials.
“Cyber threats continue to evolve so software engineers will need to stay up-to-date on the latest security technologies and best practices to help protect their systems and data. This includes the use of secure coding practices, threat modelling and penetration testing, and incident response planning.”
Nigel Mahoney, Software Practice Lead
Secure by default
In the early days of cloud, one of the first priorities was to enable developer productivity as soon as possible, but this has led to various issues such as VMs open to the internet, data being unencrypted and logging being non-existent. What we are seeing now is that cloud vendors are striking a balance between productivity and security, be it by ensuring public access to data is denied by default or by having sane defaults provisioned when starting a service.
This is an extremely welcome change, as it reduces the overhead and burden placed on security teams who’ve long had to chase up developers each time they started new services with misconfigurations that would flag up on their security dashboards.
For a more detailed look at secure by default, read Jim Curtis’s blog, Secure by Default: How to Build Your Cloud Architecture From the Back.
Skills
The 2020 Future of Jobs Report from the World Economic Forum (WEF) predicted that half of all employees will need to be reskilled by 2025, listing two of its top 10 skills of 2025 as ‘Technology use, monitoring and control’ and ‘Technology design and programming’. Eight of its top 10 in-demand jobs were directly related to technology, data and digital transformation, so if businesses haven’t already started to empower their teams, 2023 is definitely the year to start.
Security skills are in short supply and organisations have an important role to play in supporting upskilling of their existing security teams in terms of cloud and the latest in application security. With more and more new services, techniques and technologies being rolled out, customers are putting critical and advanced workloads into the cloud, so it’s vital that digital transformation teams can support customers from both a resilience and security perspective.
Our recent report on The State of Cloud Security in the Enterprise, shows there's increased demand for Certified Kubernetes Security Specialist (CKS), a particularly useful cert to have if you plan to get more into the cloud-native security space. Another new and in-demand cert that gives a view into a different area of security is the CSA CCSK.
Cyber training, cloud vendor certs and workshops are going to play a key part in not only building resilient businesses, but also in developing a robust workforce that can keep up with the pace of innovation. At Contino, we’re already working to meet this demand by launching a brand-new Google Cloud Security Workshop and we’re developing similar workshops in Azure and AWS.
The Google Cloud Platform (GCP) practice is currently seeking to expand its offering to include bespoke workshops and on-demand sessions around Kubernetes 101, supply chain security and software delivery best practices, with CICD examples on GCP cloud-native services, and service-to-production walk-throughs using GCP, on Anthos and on GKE.
“I’m really excited about the possibilities we have this year to educate and upskill across a range of areas that support engineers and C-Suite stakeholders. We want to help baseline engineering, architect teams and support engineering leads to think about how to approach cloud adoption with GCP.”
Jaroslav Pantsjoha, GCP Practice Lead
With the surging interest in AI & ML, it’s no surprise that data analysts and scientists, AI & ML specialists, and big data specialists are the WEF’s top three in-demand jobs. According to Contino’s AI & ML Practice Lead, Byron Allen, data science needs more than data scientists. A good data science team relies on four perfectly balanced pillars: technology, data, people and process, which must all stand together to form a solid foundation.
“As consultants, we often find that while the technology and data are there (even if a bit light), the bigger challenge is building the right cross-functional team. For a team to fully support the various processes that are really required of data science teams it requires design thinking, solution architecture, data engineering, application development, and more.”
Byron Allen, AI & ML Practice Lead
Serverless
At Contino we believe that serverless should now be the default mode of operation and, unless there’s a good reason not to use managed services, it should be your starting point.
Serverless removes the provisioning and maintenance overheads associated with traditional resource management in the cloud, which means a reduction in infrastructure configuration and a greater focus on developing features to help your business grow.
We consider it to be a mindset shift in your organisation that requires a change of development culture and processes—along with technology to maximise its business benefits.
It’s no surprise therefore that demand for serverless architectures is growing. Read our latest white paper for The Ultimate Guide to Serverless.
“In the AWS practice, we’re seeing a big shift towards serverless architectures; these promote decoupled, asynchronous, autonomous services that can accommodate the scale, fault tolerance, and availability required of modern applications, while maintaining low cost per unit of value. This was highlighted in Werner Vogels keynote at re:invent 2022 and the numerous serverless announcements.”
Mark Faiers, AWS Practice Lead
Data
During the pandemic, with customers and employees shifting to online only, companies discovered just how data-driven they actually were, and many found themselves lacking. As they began to execute on plans to improve, last year saw an acceleration in data projects.
These have been high on the agenda for any large enterprise, and our Data Platforms Practice Lead, Chris Young, expects two types of response to the 2023 economic climate.
Firstly, for those who can and want to invest, data projects will evolve beyond simply enabling reporting and BI towards more data science i.e. predicting outcomes rather than just telling us what happened last quarter. This is in part enabled by more accessible data science tooling, meaning you don’t need to hire Maths PhD graduates to do the majority of the analytics today.
Secondly, while the quality of data project outcomes will improve, the quantity is likely to decrease. Shortsighted perhaps, but this could be a sensible option for companies focusing on the more agile data approach (i.e. working on getting just the data they need to deliver a slice of value, instead of an organisation-wide approach) to getting all their data in one place up front.
Decision-makers might want to take note of three key data areas this year: data mesh, data platforms and being agile in data.
“I think we're going to see a big trend this year around data platforms in Azure. I’ve noticed lots of large organisations are looking to build out their data, especially in Microsoft, so I’m looking forward to seeing how we can support them in this area. Data governance will also be a hot topic–so, once you’ve built out a data platform, how are you going to govern and secure it? Solutions like Microsoft Purview, which cover data security, governance and data classification will really come into play here.”
Nicholas Kinch, Azure Practice Lead
Data mesh
Data mesh is still on an upward trajectory and in 2023 it’ll move out of the theoretical phase and into cold, hard deployment on the ground.
A data mesh is an architectural approach to solving the problem of data siloes in large companies that also need to share and govern their data. Either you have big, monolithic central data stores that require huge data migration projects and lots of central maintenance to function, or you have pockets of data in a wide variety of siloes—or, most likely, a combination of both of these extremes. The data mesh design is one that looks to simplify what needs to be done to the data, while still enabling democratisation and governance.
“Stories from the coalface of data mesh implementations are still hard to come by, but I’m looking forward to seeing how some of the gaps are filled in real life scenarios, for example the operating model changes needed to make a data mesh work in a complex organisation.”
Chris Young, Data Platforms Practice Lead
Data platforms
Vendor data platform offerings continue to evolve, so expect an acceleration in the shift away from monolithic and expensive one-stop shop solutions. This area is being disrupted by more agile players such as Monte Carlo, Tamr, ThoughtSpot, Rivery, and more, who offer fewer features in their main products, but allow enterprises to pick a number of relevant solutions that work together in a data platform ecosystem.
Being agile in data
Most major enterprise data projects are still very waterfall in their implementation, which makes some sense given they’re often aiming to centralise data, centralise governance and assure universal levels of data quality. However, as the industry continues to move away from centralised data warehouses and data lakes, there’s an emerging trend of realising that data can be agile in the same way that software has been for some time. Centralised governance and data quality initiatives are not at the turnaround point just yet, but there are isolated cases where these are beginning to look less attractive, and an agile approach of applying data governance in smaller layers is starting to appear.
“We’re going to see an increased use of artificial intelligence and machine learning in software development, which will likely lead to more efficient and effective software development processes, as well as new and improved software applications.”
Nigel Mahoney, Software Practice Lead
AI & ML
AI & ML was a key theme at AWS re:invent 2022, and enterprises want to know more about not only how to store and manage large amounts of data, but how they can use it to drive decision-making and generate value.
Here’s AI & ML Practice Lead Byron Allen’s view on what to look out for:
Generative AI
With ChatGPT getting everyone talking about generative AI, there will undoubtedly be unprecedented amounts of experimentation with generative AI in 2023. Of course, the real question will be: Did you find some competitive advantage with it? This means seizing the moment and striking while the iron’s hot, lest a competitor find that advantage first.
Migration from ML SaaS to PaaS
The ML and MLOps landscape is big and complex–an understatement–overwhelming is more accurate. Too often ML SaaS options require further development and integration with other SaaS tools or OSS. In contrast, the ML platforms of AWS, Azure and GCP are reaching a plateau of enlightenment; 2023 could be the year that all you really need is one of their ML Platforms-as-a-Service (PaaS). Many past criticisms of these PaaS options have been resolved. Moreover, their colocation to serverless tools and modern OLAP databases makes them exceptionally attractive.
Sustainability
The big three CSPs have had sustainability on the agenda for a few years, but now large organisations are more aware than ever of their responsibility to support sustainability targets, especially when it comes to cloud computing.
Sustainability is a lens that’s being added to a range of tech decisions, especially as they move away from on-prem services. We’re now at the point where architectural reviews are starting to include GHG footprint, so consultancies like Contino have a responsibility to help large organisations navigate the sustainability landscape. AWS introduced its Customer Carbon Footprint Tool last year, an example of how sustainability is being implemented in a more concrete way, and our brilliant Continis developed the Contino Sustainability dashboard, an open-source initiative that aims to capture demands from cloud customers as well as domain expertise from sustainability specialists in order to build the Sustainability Metrics Dashboard roadmap.
At Contino we’re gearing up for sustainability hackathons, and look out for our upcoming eBook on Sustainability in the Cloud, which shows you how Azure can support your sustainability goals. This will complement our existing hyperscaler-focused sustainability eBooks on how you can leverage GCP and AWS to grow into a greener business.
Software engineers will also be sharpening their focus on designing and building systems that are more energy-efficient and have a lower GHG footprint. This may include the use of edge computing, distributed computing, and other technologies that can help reduce the energy consumption of data centres and other computing infrastructure.
Of course, sustainability isn’t just about the environment. A truly sustainable business seeks to balance its economic, environmental and social impacts, ensuring it secures its future and supports economic growth without costing the planet or society. In a year that is yet to promise either certainty or stability, resilience and responsibility are crucial.
2023 could, it seems, be the year of action.
Huge thanks to our contributing Continis:
Marcus Maxwell - Security Practice Lead
Chris Young - Data Platforms Practice Lead
Byron Allen - AI & ML Practice Lead
Nicholas Kinch - Azure Practice Lead
Mark Faiers - AWS Practice Lead
Jaroslav Pantsjoha - GCP Practice Lead
Nigel Mahoney - Software Practice Lead
