August AI Data Bits
Why is so hot in here?
Oh, because it's August, that's why. See, people tend to think there are four seasons but that's a lie. There are at least six seasons in the midwest, and the period between summer and fall up here is called "Hell's Front Porch". And yes, it feels like it - outside.
While I've been hiding inside, I've had my hands full - FULL, I say - of data about #APISecurity. Or should I say the lack of it. ::wink:: ::wink::
I want to say more, I really do, but you know how marketing is. They want me to wait until the report actually publishes in October. Suffice to say that we dug deeper than most folks into what APIs do all day (and night) and what they're made of. You're going to love what we learned.
What that means, however, is that my jar of data bits is a bit low this month. Oh, I've got some, but not as much as I usually do. So instead of many reports, you only get a few.
So grab a cool glass of lemonade (mixed with whatever adult beverage you prefer) and let's distract ourselves from the weather outside.
Cloud Repatriation
Reading through my feeds lately, it looks like Hell's Front Porch has expanded to include the #cloudcomputing community this month. There's plenty of chatter - and by chatter I mean thinly veiled arguments regarding a certain topic in a Barclay's CIO Survey. That topic was - plug your ears cloud lovers - cloud repatriation. Specifically, this stat being shared (no one, not even me, seems able to find the source report): 83% of enterprise CIOs in Barclays survey plan to repatriate at least some workloads in 2024, up from low point of 43% in 2020 H2.
This started arguments. From folks who dismiss it as just pulling back failed lift-and-shift (there's some of that) to others who promote it as as a response to data privacy concerns regarding #AI, there is no dearth of opinion on what data about repatriation really means. This one, for example. And Mission Critical Magazine tells us security remains a significant driver of cloud repatriation, particularly in regulated industries like finance and healthcare, where data sovereignty and compliance with stringent regulations are critical.
I've seen lots of data on the topic, and our own, and it's happening. What isn't clear is the full impact of what that means on the enterprise application portfolio - and how AI will really impact it. How much it's happening in terms of workloads is something we (that's Cindy Borovick and I) are going to dig into a bit deeper in our upcoming annual research.
And now for some security. Because if there's anything as pervasive as surveys on AI, it's surveys on security.
Some Security Stats
Absolute defines Cyber Resilience as a paradigm larger and more critical than traditional cybersecurity, as it not only ensures defences are working as intended, but also helps organisations withstand and quickly recover from cyber disruptions and attacks.
Uh, okay. So you slapped a different name on "assume breach", which is already part of Zero Trust, but then didn't associate it with Zero Trust. Weird.
54% feel their organisation’s security team is unprepared for evolving AI-powered threats.
I'm more concerned about the 46% that think they're prepared. Especially considering this next finding:
Over one-third (35%) admitted to ignoring the National Cyber Security Centre’s (NCSC’s) cyber guidance.
Next! Seriously, what possible socially acceptable thing could I say about this stat without getting banned? Exactly.
83% say DevSecOps automation is even more important to management the risk of vulnerabilities introduced by using AI.
I would say it was critical period. Like, you really think vulnerabilities weren't problematic before AI entered the chat?
Now to be fair, Snyk did a survey late last year and found that more than half of organizations encounter security issues with AI-generated code sometimes or frequently.
领英推荐
Here's the thing. AI is either going to dramatically decrease the security of code or dramatically improve it. Whoever cracks the code (see what I did there?) on the latter is going to win at the copilot game. Until then, we're just all rats in a huge lab experiment. That's what adopting emerging technology means.
We talk a lot about guardrails needed for AI, but seriously, we seem to forget that some of those guardrails are for the people using AI, not just the AI itself.
70% say need for multiple app sec tools drives ops inefficiency due to the effort needed to make sense of disparate sources of data ?
Duh. But you forgot the frustration with multiple tools includes multiple APIs, CLIs, GUIs, and, coming soon to a service near you, NLIs. It's not just the data, it's the interfaces. And automation (whether using AI or not) is only going to make this part of the frustration even greater.
The ROI of GenAI
Finally, we got some Google data. Google Cloud The ROI of GenAI .
56% orgs report an improvement to their security posture from genAI
So generative AI, which is known to hallucinate - a lot - is improving your security posture. Right.
To be fair, Google nailed down this to identifying threats faster (which is typically associated with predictive AI, not generative AI) and a 65% reduction in security tickets. We don't know which security tickets, but hey, they were reduced. Details, schmetails.
74% of orgs report seeing ROI from genAI
From mostly... productivity. You know, the services you plug in that require a subscription and very little investment. So.. yeah, ROI for these? Makes sense. For now. Using "generative AI" as an umbrella is misleading. The investment in productivity use cases is vastly different than that of a full-blown workflow automation use case, for example, and that use case is a top priority for next year, according to our research . So, we'll just check back in next year and see what that looks like, m'kay?
84% transform a gen AI use case into production in less than 6 months
WHICH USE CASE??
65% reduction in number of security tickets
WHAT TYPE OF SECURITY TICKETS??
AUGH! This type of imprecision and omission of important details frustrates me.
Falling into Fall
It's almost September, so the first of the fall seasons (yes, there are multiple here) is nearly upon us. That's a good thing. Even more so because I can turn part of my attention to finding more data while we executing on our annual research.
In the meantime, stay off the front porch, stay cool, and more importantly, stay safe.
Market and Competitive Strategy, Director at F5 Networks
2 个月#Cloud Repatriation so looking forward to stepping into spoky season and seeing what ghosts and goblins have to say about our workload mobility analysis. Lori MacVittie start buying the candy!
Product & Technology Executive Leadership & Strategy
2 个月Love this - and fwiw (no surprise) the same thing frustrates me too! Details so important.
Enterprise Technology Leader
2 个月Your insights are as valuable as your writing is delightful! Thoroughly enjoyed while learning quite a bit!
CEO/ Principal at Scratch Marketing + Media, Mentor at TechStars Boston, Intel Ignite, and Bulgarian Innovation Hub
2 个月Love the insights, Lori!!!