With every passing day, 2018 is leading IT further into the digital age. But in order to accommodate the requirements of digitalization, organizations need to adapt to evolving trends.
With the first half of the year come and gone, it's time to start executing plans for the second half. Whether it involves diversifying the workforce or securing cloud solutions, organizations are looking to technology professionals to guarantee a more efficient and secure working environment.
Here are five trends technology professionals should expect for the second half of 2018:
1. Expect to continue investing in AI, obviously
About 40% of organizations are testing AI solutions or piloting them, according to a Gartner report, which indicates steady growth in the AI market. Organizations are looking to AI to automate system functions, but right now the focus is on "narrow AI," which is "highly scope machine learning solutions that target a specific task," according to Gartner.
Because of the increase in inquiries regarding AI and it's scope, companies should expect to invest more in the technology and lay a foundation for AI to be built upon. However, companies need to have realistic expectations for AI's abilities and what they want to use it for.
"The term artificial intelligence is it's own worst enemy," said David Cearley, VP and fellow at Gartner, in an interview with CIO Dive. AI is designed to come up with actions that weren't explicitly programmed, but instead actions based on data it's been fed. This is a common misconception for AI that persists, according to Cearley.
All AI in use right now is narrow, but artificial general intelligence is one that could "perform and would learn dynamically" like humans, according to the report. While interest in this type of AI is mounting, it is most likely narrow AI will be the only one to exist in the real world.
Programs are traditionally explicitly programed to follow protocols, but AI is "more of a probabilistic system versus deterministic." Because of this, Cearley expects companies to adopt "collaborative intelligence" between human and machine. AI is meant to augment existing systems for data and analytics and user interfaces.
Cearley admits that as of right now, "Alexa and Siri are still pretty dumb," but they are enhancing user experiences through techniques computers didn't have before. So while companies can adopt what's available, they need to understand the limits of today's AI.
In the meantime, preparing for the AI that is available today begins with having data scientists equipped enough to train systems to act on their algorithms and application developers to create the services provided by AI.
2. Expect to create policies for shared responsibility
Digital technologies introduce a more proactive approach to security, and containers allow organizations to deploy and manage their applications. But the current architecture of containers separate an application's parts by singular functions, according to the National Institute of Standards and Technology (NIST) container guidance.
Each container's application component runs separately, creating microservices that work together to "compose an app." Containers allowed organizations to replace their servers and data centers because "a container is an image of your OS and apps," said Dan Hubbard, chief security architect for Lacework, in an interview with CIO Dive.
He predicts more companies adopting a policy or rule because "responsibility should be shared" when it comes to securing and creating assets. Organizations need to ensure their practices are one part tech and one part communication, he said.
When using a container, no matter if its on Amazon Web Services, Microsoft Azure of Google Cloud, users need to use an orchestration tool like Kubernetes, which allows someone to manage their containers from anywhere in the world. But if a container is left open with no corresponding username or password, anyone can find them and effectively do what they want, according to Hubbard.
Last year companies were plagued by breaches from exposed buckets and memcached servers. Lacework found more than 21,000 publicly facing container orchestration platforms during the first week of June this year.
The most common reason for this is because of how easy it is to add an infrastructure to the public cloud. Because developers are able to programmatically add computers for the time they need, they tend to do so without security oversight, according to Hubbard.
But "one thing security people can't do is be a blocker" and slow down the innovation of developers, said Hubbard. At the same time, security people need to update their best practices. They need to "straddle the line" of new and old security norms because the same methods that could be applied to old security solutions just won't work for new ones, he said.
3. Expect to embrace agile
Agile was an answer to the outdated waterfall method because it enabled teams to work at a faster pace with condensed release cycles. Companies want to be more flexible and dynamic, but agile is a "big umbrella term," said Cearley.
Cearley expects companies to embrace the methodologies like the ones offered on Pivotal Cloud Foundry. So while companies can use the tools offered by these PaaS-like solutions, they are more attracted to the techniques associated with the offerings to perform agile projects.
Agile might have another successor for companies that are slower in development. Bimodal manages work through two tracks, including one for "planning and predictable change" and another for "experimental and disruptive change." However, it doesn't serve as a permanent solution for businesses.
Agile, on the other hand, is setting businesses up for success when used properly. The scaled agile framework, followed by scrum of scrums and internally created methods are the most popular scaling approaches, according to VersionOne's 2018 State of Agile Report.
DevOps, in particular, benefits from agile processes because it allows organizations to build in consistent ways. Agile DevOps offers "predictable code delivery cadence," said Jamie Barnett, chief customer officer at Scalyr, in an interview with CIO Dive. From there, companies are able to see what pieces of code are impacting the rest when they're delivered.
4. Use DevOps as a business strategy
DevOps is "a change in IT culture," according to Gartner, and uses technology that "can leverage an increasingly programmable and dynamic infrastructure from a life cycle perspective." But only about one-fifth of IT professionals claim to use a pure form of DevOps partially because their organizations are manually managing their infrastructure — something incompatible with DevOps.
DevOps is a point of contention for some companies because while they recognize the need for DevOps, they are uncertain of their implementation. DevOps has become a trend in and of itself, but companies need to know the methods behind the initiative to understand why they are adopting it. "Some folks are on a journey" when it comes to DevOps, Barnett said.
Companies are embracing the culture and management change associated with DevOps. Organizations that are able to reduce their software delivery cycles will pace ahead of their competitors, and to do so, they need more agile development designed with feedback loops, scrum teams and sprint goals.
Similar to a change in container security, working security into application design is increasing because the two are not mutually exclusive, said Barnett. Security flaws that are unintentionally pushed out into production ultimately will slow down everything further on.
Adopting a continuous adaptive risk and trust assessment (CARTA) strategy, which enables "real-time, risk and trust-based decision making with adaptive responses," will help "preserve the teamwork" between security and application professionals, according to Gartner. But, Gartner warns to resist the urge to switch tools or make developers security experts.
Still, while "nobody believes that they have it nailed," Barnett said, "everyone recognizes its importance." Because of the way technology is moving, everyone is beginning their shift to microservices. Parceling out services while developers work in parallel allows organizations to be more efficient.
5. Help more women filling the void
The future of cybersecurity jobs is already a bit grim because by 2022 there will be 1.8 million unfilled cybersecurity jobs. Experts agree that to help fill the widening gap in cybersecurity jobs, considering more diverse candidates is a requirement.
Companies are acknowledging their need to diversity beyond headcount requirements, said Netta Schmeidler, VP of product for Morphisec, in an email to CIO Dive. To accommodate change, companies are adjusting how they write job requirements in job postings that help enable women to apply.
More resources are popping up for young women to pursue cybersecurity with programs through Girl Scouts and She Codes. The popularity of these programs will help educating young women "in a non-threatening and less competitive environment," she said.
"More young girls in high school or college are fearless," she said, and they are "ready to take on challenges themselves."
But the challenges of cybersecurity are not dependent on gender because attackers are getting better with each passing day. Schmeidler predicts the solution to the cybersecurity job crisis as a whole will come from supply and demand. More companies are adopting advanced technologies "that do not require generation of endless events that require skilled analysis," but in the meantime, companies need better strategies to attract new employees.