A September Smorgasbord of Data
If data could fly, it still wouldn't be as beautiful as this flock of ducks. But it would fly faster.

What a month! The smell of fall is in the air, but for a lot of folks that scent is smothered by the smell of end-of-fiscal-year panic. Part of that panic is mine as I comb through a year of data and try to tease out what it all means for next year. There's been - and continues to be - a lot of activity in the market that revolves around three things: #observability, #security, and #APIs. So it should be no surprise that most of the data I've been digging up this past month is related to these topics. Also no surprise that there's a whole lot of activity that brings all three topics together - often culminating in early entries to what is shaping up to be an interesting market.

APIs

What should surprise no one - and I mean NO one - is the finding from Postman's 2022 State of the API that "51% of respondents say that more than half of their organization’s development effort is spent on APIs" or that the number one obstacle to API consumption is documentation. I mean, if APIs are the glue for, well, everything, then it stands to reason that a large part of an organization's time is going to be spent on them.

Looking back over 2022, a significant percentage of market activities - acquisitions, products, and partnerships - were driven in some way by API-related use cases. Watch for API Threat Intelligence to become a significant "trend" in the next year as observability vendors ramp up their relevance to an increasingly security-minded market.

It's also a significant driver of enterprise spend. The State of Enterprise Architecture 2022 found that 36% of architects noted API and integration technologies as needing investment. Only data strategy and data management garnered more attention with 41% citing the need for more investment and attention to skills.

I found an interesting trivia-like stat about APIs in a report from Cequence Security on bots and automated attacks: "of the 21.1 billion transactions analyzed by Cequence Security in the last half of 2021, 14 billion (70%) were APIs." I didn't find much more in the report of note, but the API stat was a good one, so I guess there's that.

Observability

Observability is one of the biggest topics of 2022. Hands down. It's all over the market and reports, and is tied to every other trending technology topic: automation, security, performance, and site reliability engineering (SRE). Observability promises to put logs and alerts and metrics into context and pinpoint problems faster and, in some cases, before they happen. It's a beautiful vision, but one that remains a bit blurry as vendors and enterprises alike try to put together the data they need to make it happen.

New Relic's State of Observability Forecast claims that, by their definition, a mere 27% of organizations have achieved "full stack" observability. For the most part, I liked their definition. What I didn't like is where it offered "OR" choices for what I see as core monitoring capabilities. For example, New Relic defined "Environment Monitoring" as "Database monitoring AND/OR Infrastructure monitoring AND/OR Network monitoring". My definition is a bit more "full" and would require all three. Like, the network is part of the stack. How can you be full stack if you can exclude it? Isn't this more like "almost full stack"? Anyway, also of note in this report: "39% of respondents said that they are adopting open-source technologies such as OpenTelemetry, 36% are adopting serverless computing, and 36% are containerizing applications and workloads—all trends where observability requires a unified approach."

Security

Zero Trust. ZERO Trust. ZERO TRUST! If it surprises you that a lot - a WHOLE lot - of security-related content centers on Zero Trust, then good for you! It means you've actually managed to get away from your desk.

On the topic, the Zero Trust Market Dynamics report found that 82% agree Zero Trust is a necessary strategy. And, as I've noted for the past year, identity is a huge - HUGE - part of evolving security strategies. This report identifies "Identity (42.94%) as the greatest need, as the gear that the Zero Trust machine revolves around." Absolutely agree, identity is shaping up to be the most important focus for security moving forward.

Okta found that "83% of the world’s largest organizations indicated a budget increase, with 14% even reporting a “significant” increase for Zero Trust Security initiatives" in its 2021 State of Zero Trust Security. I found the projection for tangible projects related to zero trust interesting: by 2022 75% will secure access to APIs, and 67% will deploy MFA across user groups. Additionally, 66% are finally automating provisioning and deprovisioning of employees. Given the prevalence of credential stuffing as a successful attack vector, this is one that should have been given precedence years ago - especially the deprovisioning part.

But let's not ignore the recent Executive Orders in the US regarding Software Supply Chain Security, which some (who shall remain nameless) have described as "Secure Software Stew." There's increasing pushback on the vagueness of the directive, with a lot of associated complaints about cost and complexity and the impossibility of achieving compliance. Software Supply Chain Security is not simple to solve. Just compiling an SBOM is a challenge, let alone verifying the security of every component in it.

Looking Forward

So all this is always fun to track, but it's really technologies that manifest as a result of these trends, and it's technologies that I like to really dig into. Some of the technologies I'm keeping an eye on:

  • GraphQL - the open source API query language gaining traction due to the ascendance of APIs to the top of the business and IT stacks. It's starting to show possibilities in multiple domains, including app delivery. Supports APIs.
  • OpenTelemetry - an open standards protocol for generating and ingesting telemetry (operational data). Most of the industry has embraced it and vendors are actively standardizing on it. Supports observability.
  • WASM (WebAssembly) - defines a portable binary-code format and a corresponding text format for executable software. It can run on servers, in browsers, on phones, on devices. It's incredibly portable and doesn't care what language developers use to code. The potential successor to containers as a truly portable format for delivering software. WASM gets mentions in relation to, well, just about everything - like edge.

That's it for September. In my world, October is time for me and Cindy Borovick to analyze the results of our annual research for the State of Application Strategy. So October may be light on data - or it may not. I often find it valuable to validate our results by looking out at what the rest of the market says. But either way, you can be sure that there will be MOAR DATA.

See you next month, and thanks again for letting me take up space in your inbox!
