A February Short Stack of Data
Wow. I'm really quite hungry and these look fantastic!

February is the shortest month, even in a leap year. And it can be made even shorter when you spend the first week at a conference, and the next week finishing up major projects. But that doesn't mean I don't have data for you. That would be unthinkable!

In fact, I have some interesting data this month with the key themes being observability and security.

What? No AI data this month? Oh, fine, you can have some of that with your pancakes too, but only because our annual research is nearing publication and I love sneaking my own data bits onto your plate.

Grab your fork, because it might be a short stack, but it's tasty tasty data!

Security

If it isn't broke, don't fix it. But how do you know it's broke? Well, that's part of what K/C/BBQ security posture management does for you. I know, there's about a hundred variations of security posture management out there, each one tailored for a specific technology environment. Signs are showing this market is experiencing some crazy chaos with new focal areas emerging every week or so, but that means there will be a consolidation eventually.

In the meantime, there's some interesting findings coming out of folks who are in one of the BBQ security posture management markets.

XM Cyber and its State of Security Posture 2024 note that companies, on average, reported addressing about 12 exposures per week. And those exposures are causing problems for the 90% of organizations that face challenges in addressing exposures for purchased and legacy applications.

All that is terrifying given the finding from CrowdStrike's 2023 Global Threat Report that the average breakout time for interactive eCrime intrusion activity declined from 98 minutes in 2021 to 84 minutes in 2022.

Declined. That means attackers are getting better and faster at breaking out and moving laterally to attack more lucrative targets deeper within the environment. The hard part about stopping lateral movement is that 'lateral' can mean within the same cluster, the same cloud, and even the hybrid corporate estate.

What are they using to move laterally? Hold onto your hats, it's an old-school reunion of RDP, SSH and SMB. Hey, do me a favor and go do a port scan on everything right now, okay? I mean SSH, yes. But SMB? RDP? Why are those running internally? Are you sure you need them? Sometimes a protocol audit is a good idea. Just saying.
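A protocol audit like the one suggested above can start from scan output you already have. The following is an added example, not part of the original article: it parses nmap grepable (`-oG`) output and flags hosts where SSH, SMB or RDP is open without an entry in an allowlist. The sample scan, the addresses and the `APPROVED` allowlist are constructed for illustration.

```python
import re
from collections import defaultdict

# The three protocols the article names as lateral-movement favourites.
AUDITED = {22: "SSH", 445: "SMB", 3389: "RDP"}

# Constructed sample in nmap grepable (-oG) format; hosts are made up.
SAMPLE_SCAN = """\
# Nmap scan (constructed sample)
Host: 10.0.1.10 (bastion)\tStatus: Up
Host: 10.0.1.10 (bastion)\tPorts: 22/open/tcp//ssh///
Host: 10.0.2.21 (web-01)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 445/open/tcp//microsoft-ds///
Host: 10.0.2.22 (web-02)\tPorts: 22/open/tcp//ssh///, 3389/filtered/tcp//ms-wbt-server///
Host: 10.0.3.5 (files-01)\tPorts: 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (998)
"""

# Hypothetical allowlist: hosts with a documented need for each protocol.
APPROVED = {"SSH": {"10.0.1.10", "10.0.2.21", "10.0.2.22"},
            "SMB": {"10.0.3.5"}, "RDP": set()}

# Captures the IP and the Ports field (up to the next tab-separated field).
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\([^)]*\)\s+Ports:\s+([^\t]*)")

def parse_open_ports(grepable):
    """Return {ip: set of open TCP ports} from nmap -oG text."""
    hosts = defaultdict(set)
    for line in grepable.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and "Status:" lines carry no ports
        ip, ports = m.groups()
        for entry in ports.split(","):
            fields = entry.strip().split("/")  # port/state/proto//service///
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                hosts[ip].add(int(fields[0]))
    return dict(hosts)

def audit(grepable, approved=APPROVED):
    """Return sorted (ip, protocol) pairs that are open but not approved."""
    findings = []
    for ip, ports in parse_open_ports(grepable).items():
        for port, proto in AUDITED.items():
            if port in ports and ip not in approved.get(proto, set()):
                findings.append((ip, proto))
    return sorted(findings)

if __name__ == "__main__":
    for ip, proto in audit(SAMPLE_SCAN):
        print(f"{ip}: {proto} is listening with no documented need")
```

Filtered ports are deliberately not reported, since only an open listener answers the "why is this running internally?" question.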

Observability

Protocol audits and observability are kind of cut from the same cloth as they are both closely related to visibility. The former is about visibility of potential attack vectors and the latter, visibility into the state of ... everything operational.

Yes, I stretched for that segue. Still made it sort of work so... there's that.

But SRE operations and observability do go together, because having the right visibility means you can leverage tools (automation, SLOs, SLIs) and technologies (eBPF, app delivery, app security) to get faster, stronger, and more efficient.

That's important today because if you thought paying $6 for a bag of Doritos was ridiculous, you're going to cringe at the costs per incident today. I did when Blameless sent over this cool infographic they put together after talking to a lot of engineers about just how much time is spent on each and every incident.

They broke it down - way down - like a professional value stream mapper and you can see all the components that go into "incident response".

Some of the data points they offered up:

  • The average incident costs 475 minutes of engineer time
  • This equates to $34,320 spent on engineer time per year assuming you have a software incident every week (and a $150,000 annual salary)
  • 1 minute SREs spend fixing is 1 less minute they can spend building

That last one doesn't really need research. I mean, it seems pretty obvious to me. 1 minute is 1 minute, no matter how you spend it, right? Unless you're in a meeting. Then 1 minute is more like 10000000000 minutes. You know what I mean.

Leftovers

I see you're ready to go, so here's some AI for the road, in case you get hungry and need a snack.

I know most of the market is raving about productivity improvements being the top benefit of generative AI right now. And to be fair, I can see where folks get that notion. But when we asked about the benefits folks expect from generative AI in our annual research, productivity was not in the top spot. Nor in the top three.

It was number five - of seven possible benefits. Beating it out by nearly 10% of respondents were improved customer service, time and cost savings, and then faster/better data-based decision making.

I also want - no, need - to note that 2.4% said they expect absolutely none, nada, zilch, zero benefits from generative AI. Which leaves me wondering if they believe it's a dud or they aren't going to use it at all.

Maybe next year I'll ask that question so that I can satisfy my craving to understand that answer.

And now I'm going back to analyzing the data so we deliver you what's going to be a fantastic report this year.

Until next month, take care and stay safe!

David Linthicum

Internationally Known AI and Cloud Computing Thought Leader and Influencer, Enterprise Technology Innovator, Educator, Best Selling Author, Speaker, GenAI Architecture Mentor, Over the Hill Mountain Biker.

1y

Dammit Lori, I just started keto.

Another fantastic meal of data, Lori! Thank you for sharing the Blameless infographic as well - a great one. Now you've got me thinking about Crown maple syrup to go with my short stack...

Terry Teal

Senior Enterprise Account Executive | Director of Sales | Customer 360° Ask me what we are doing with Gen AI and Industrial Analytics

1y

Great stack talk Lori. I was talking to a friend about the topic of GenAi and whether companies know what to do with it or integrate it into their systems. Plus, how do you keep up with the constant change happening to ChatGPT, Gemini, Bard, Sora, etc?
