IT Next Generation of Cyber Security
The traditional forms of security SAST, DAST and WAF which are reactive and focus on treating symptoms rather than affecting a cure will, in a perimeterless world, result in fast diminishing returns. Some of these technologies already cost the business far too much. A new generation of Cyber Security tools base on Runtime Application Self Protection are now entering the Enterprise space and will, by 2020, be firmly embedded in the Enterprise. I expect Virtual Patching, Precision Application Protection and Zero Day Mitigation to constitute the backbone Cyber Security technology and a cultural shift towards the implementation Cyber Threat Intelligence will characterise the Enterprise in 2020. Protection will no longer be the only goal, prevention will take precedence.
Always On and Evergreen IT
Manual intervention in production, constantly patching antiquated infrastructure and Enterprise IT insisting on engineering its infrastructure rather than focusing on delivering the IT the business demands, within the required SLAs, will consign Enterprise IT to the dustbin of history. The expectation of technology consumers and service providers is always Always On and Evergreen IT. The best way for Enterprise IT to achieve this in a cost effective manner before 2020 is to augment existing infrastructure with PaaS, and most probably in the form of the Hybrid Cloud architecture. The guiding principle here has to be that of NoOps. IT Operations must renegotiate their accountability focusing on the platform and give application teams the tools they need to take accountability for supporting their applications. This approach, which is essentially based DevOps culture, ensures the correct allocation of expert resources (applications teams fixing applications, platform teams maintaining platforms) and eliminates the culture of resisting change in operations, because operations are on the hook for poorly performing applications. For Enterprise IT to attempt to engineer Evergreen IT themselves will, if it is successful at all, be delivered far too late. This is why the selection and deployment of the third party PaaS with this capability is critical to the achieving this goal.
In the journey to 2020, Enterprise IT can’t simply go bi-modal and deliver a platform that can host Twelve-Factor Apps, Cloud Native and Microservice architectures. Are we really expecting the rest of the business to carry on in second gear as bi-model seems to imply? The platform provided by Enterprise IT must be able to offer a home to legacy IT allowing it to transition, before it transforms to target architectures in the cloud. This approach is advocated by Trivector Transformation which sets out an ideology, methodology and praxeology that embraces the entire Enterprise when affecting transformation.
Software Defined Everything (Software Defined Something by 2020)
Virtualisation starting in the OS is now expanding both up the stack to the application (containers) and down the stack to networks and storage. Infrastructure as a Service is already a commodity and we are perhaps only a few years away from a true global market complete with spot pricing for compute resources. For Enterprise IT and especially the Networks and Storage teams, the writing is on the wall. Embrace Software Defined Everything or be prepared to be packaged off in the next deal to outsource IT infrastructure. The business has broadly lost patience with the friction of dealing with these tiers of infrastructure to affect fundamental, transformative change.
This post marks the conclusion of this three part series laying down my expectations for Enterprise IT in 2020 against the back drop of legacy technology, processes and a highly regulated sector. These are, as I explained at the beginning of this series, the components of Minimal Viable Vision for Enterprise IT given the constraints under which we operate.