Application Development
Increased focus on developer experience, integrating compliance and security with development, and democratizing AI/ML are among the major digital innovation trends we can expect to play out in 2023.
Steven Chung
Jan 10, 2023
As we start the new year, I wanted to share some of the conversations that I’ve had with CIOs and other technology leaders about their key priorities for 2023. Facing macro headwinds, IT executives are cautious about spending but remain committed to digital projects that support growth while mitigating costs and risks. Rising inflation, geopolitical strife, and softening demand have increased the need for greater operational efficiency and risk management. Based on my conversations with IT executives around the world, I expect the following to play out over the next four quarters and beyond:
The focus on developer experience will align with developer productivity and software quality. It’s no secret that winning that war for developer talent is critical for digital businesses. Talented developers enjoy coding and working on important projects versus spending time on non-development activities such as testing, compliance, and admin. Businesses that maximize this developer experience will attract and retain top talent, while achieving higher levels of performance.
DevOps teams are integrating development with security and compliance. The threats to our digital services, financial records, and customer data have never been higher. Governments continue to issue new data compliance and data privacy mandates while tightening the grip of fines imposed on enterprises. We see fines in the hundreds of millions being slapped on notable companies, causing brand and financial damage. In order to mitigate these risks while still achieving faster release cycles, DevOps teams are integrating data security and compliance measures into their practices as part of an automated process flow.
Software release cycles will accelerate as businesses automate the flow of data, the “last mile” of DevOps. Data has been the last “anchor” in implementing DevOps and CI/CD processes, slowing the automation of software pipelines with siloed, manual processes. With the rise of new tools today, businesses are automating data provisioning and governance to the same extent that they have automated infrastructure, software builds, security and other aspects of DevOps. Data automation and compliance thus represent “the last mile,” if you will, in completing the DevOps and CI/CD workflows.
Businesses will further democratize artificial intelligence and machine learning (AI/ML), exacerbating their data governance challenge. CIOs tell me that their businesses have an insatiable demand for AI/ML but they don’t have the people, data, or processes to satisfy the demand. I expect CIOs to push toward the democratization of AI/ML through the use of no-code and low-code platforms and other technologies towards a more “self service” model geared for business users. This will require new ways to provision and govern data to efficiently satisfy the additional demand in a safe, compliant manner.
CIOs will play an even bigger role in sustainability and ESG. CIOs will play a leadership role in sustainability by implementing systems, reporting, and measures that support environmental, social, and governance (ESG) programs. As change agents, they will be instrumental in driving the cross functional cooperation needed to achieve a company’s sustainability goals both internally and externally.
Below, I’ll explain more about these trends and why they should matter for every CIO and digital innovation leader in 2023.
The topic of developer experience has commanded executive attention for years. There is a war for developer talent, and winning that war is a key to success for digital businesses. Indeed, McKinsey & Company wrote last year that CIOs must “make developer experience the cornerstone of talent strategy” as one of six make-or-break priorities for 2022. I have seen many IT executives do just that, and we have also embraced this approach at Delphix.
However, some CIOs tell me that developer experience is too vague and focuses on the input (experience) versus the output (productivity and quality). Meanwhile, developers repeatedly tell me they want to build high-quality software and to minimize the drudgery (read: meetings, forms, waiting for others, admin tasks, rework, burning down technical debt) in their work. Coincidentally, these desires go hand-in-hand with developer productivity and software quality. To make developers more productive, businesses need to invest in developer skill sets along with tooling and process automation.
Consider the case of Dell Technologies. According to Dell’s Digital Senior Director, Product Management, Technology Transformation Services, Cody Taylor, their developers spent about 20% of their time writing code and the remaining time doing non-coding activities such as testing and admin prior to automating their CI/CD pipelines. By automating the latter, their developers now spend over 75% of their time writing code. One reason for this nearly 4x productivity increase is that 80% of the provisioning of infrastructure, code and data is automated. Automation and self-service are the modern ways to develop, test, and deploy software, freeing up developers to do more of what they love (coding) versus the mundane tasks which sap their morale. Adopting a DevSecOps “culture” not only produces better results, it also drives higher engagement, productivity, and retention of the development team.
Achieving success requires integrating DevOps with data security and compliance, as new threats to our digital services, financial records, and customer data have never been higher. Just as the demand for digital services rose during the pandemic, the rise in cybercrime such as ransomware, account takeover, and data theft was unprecedented. Meanwhile, the regulatory landscape for data protection and privacy continues to grow, resulting in compliance requirements that threaten to stifle software development and innovation.
DevSecOps has been a way to address this issue where DevOps teams increasingly automate security and compliance testing as part of the development workflow. Just as DevOps has resulted in a “shifting left” of quality assurance where tests are automated and performed during code development, the same is true of security and compliance testing with tools that assess source code and scan running software — all of which is automated throughout the CI/CD pipeline. With these tools, software isn’t released unless it passes the required tests at each stage of development.
As we’ve witnessed in recent years with breaches such as those at SolarWinds, Uber, T-Mobile and LastPass, development environments are often considered “target rich” by attackers. They prey on source code management systems, infrastructure such as virtual test servers, and the test data itself. Complicating this picture is the proliferation of development platforms, such as Salesforce, SAP, and Azure Data Factory, that live in the cloud. Development and test environments, whether on-premises or distributed among multiple clouds, must be protected and compliant. DevOps teams and their cybersecurity partners will again rely on automation for a more continuous approach to security across all of their development platforms.
Governments around the world are imposing stricter compliance regulations regarding data privacy and security. In the US, the recently updated Federal Trade Commission (FTC) Safeguards Rule mandated by the Gramm-Leach-Bliley Act (GLBA) has become a hot topic, driving companies to upgrade their data privacy and security measures. The Safeguards Rule originally took effect almost 20 years ago, but the FTC amended it in 2021 to provide more concrete guidance for businesses for protecting non-public personal information (NPI). The Safeguards Rule and other privacy mandates, such as HIPAA in the US and the General Data Protection Regulation (GDPR) in the EU, threaten to inhibit software development teams by adding layers of security protocols into the development process. Teams that automate data security and protection as an integral part of their CI/CD pipelines will achieve compliance without sacrificing the speed of innovation.
Finally, I also expect to see DevSecOps teams play a greater role in recovering from security breaches or production outages. We work with businesses who have used their DevSecOps toolchains to provide automated recovery paths for many scenarios from a ransomware attack to a production outage caused by data issues. During a security breach or a production outage, companies often need to rebuild applications and data quickly in order to restore service or perform an investigation. Traditional backup and recovery methods often fail to restore service in a timely manner. With a highly automated DevSecOps approach, businesses are able to rebuild their infrastructure, applications and data from any point in the past and recover quickly.
The appetites of businesses for improved digital capabilities increased dramatically during the pandemic and continue to grow. Traditional industries such as retail, media, telecommunications, insurance, and banking are facing increased competition as economies have opened back up, including new threats from digital natives seeking to disrupt the established players. IT leaders tell me they are working hard to increase the pace of innovation despite reduced budgets and other constraints. They frequently cite a couple of metrics — software deployment frequency and usage — as key measures for innovation throughput. These foundational DevOps metrics track how often software teams are deploying code into production (to their end users) and how quickly users adopt them, respectively. Is there a new product or service to launch? Are users asking for a new feature or capability that improves a critical application? It’s a lot harder to innovate when teams must do more with less. So what is a CIO to do?
According to the State of DevOps 2022 report, the highest-performing teams release code into production on-demand, often several times per day, and it takes them between one day and one week to go from code complete to production. Many businesses that release software monthly or less frequently find their competition is beating them to market with new features and getting customer feedback much more quickly. It’s not just a race to release software; it’s a race to iterate and optimize digital capabilities that satisfy real-time customer demand. Teams that do this quickly are winning in the marketplace.
A quality leader at a Fortune 500 healthcare company recently told me they’ve accelerated their release cycles from quarterly to every six weeks and are continuing to accelerate this pace. The major acceleration drivers were an increasingly complex regulatory landscape and the need to improve healthcare outcomes and affordability for their customers. They use data to identify and execute new business opportunities and to manage risk, so continuous feedback to new features and analytics is essential.
There’s good news. The tools, skills, and best practices that enable rapid development — things like DevOps, continuous integration/continuous deployment (CI/CD), and site reliability engineering — are maturing to where they can support even the most challenging environments from Fortune 500 enterprises to cloud native startups.
For many businesses with whom we work, the “last mile” in automating CI/CD pipelines was test data provisioning and governance. For example, a particularly challenging roadblock at Dell involved the petabytes of test data they maintained across hundreds of databases. Developers needed quick access to fresh test data, and manually provisioning the data was sluggish and time-consuming. Overcoming this roadblock was essential to accelerating Dell’s release cycles.
For Dell, the solution was automating DevOps test data management. Now, 92% of their global, non-production database environments – around 160 databases – are refreshed automatically on a bi-weekly basis. Dell’s developers are able to trigger releases through their CI/CD pipelines, including the builds, validations, integrations (infrastructure, data, security), and deployments, in just 17 minutes. This has allowed them to run 6 million pipelines (i.e., releases through their CI/CD pipelines) in the first quarter of 2022, and over 50 million since they implemented their standardized, automated approach. Some teams now deploy to production multiple times per day. Meanwhile, quality has improved as the non-production data defect rate has fallen by 33% in the last year.
“We now have a very efficient way to pull this data from production, scrub it, and mask some of the confidential components of it, and easily deploy that through our ecosystem,” Dell’s Cody Taylor said. “We’ve got it to a point now where it’s becoming a non-issue, where before it was the number one blocker.”
Having spoken with many other digital leaders with similar experiences, I believe that companies who adopt these more modern practices such as DevOps and CI/CD will wield competitive advantages with respect to innovation, customer service, and financial performance.
CIOs tell me that their businesses have an insatiable demand for AI applications but lack the expertise, systems, or processes to support these needs. A recent study by SAS found that 63% of respondents reported their largest skills shortages are in AI and machine learning.
Given the lack of AI/ML expertise, some CIOs are training existing employees. Others seek partnerships with universities, business incubators, and startup ecosystems to bring new talent into the organization. These are all good ideas, but I don’t think that they will scale to meet the rising demand.
Instead, I expect CIOs to push the “democratization” of AI to expand the usage of these solutions to non-technical users: sales, marketing, finance, operations, product management, and HR. CIOs will increasingly look to no-code and low-code AI platforms which can be deployed and implemented quickly with a self service motion. The goal of “democratized AI” is to enable nearly anyone to create, test, and deploy AI software and analytics. Democratization won’t address every use case, but the variety of these new platforms is rapidly expanding, tailored for nearly every industry from retail to healthcare to manufacturing. Microsoft, Amazon Web Services, and Google also offer AI built for end users or “casual developers.”
Given the appetite of AI’s machine learning-based algorithms for training data, these platforms introduce a new challenge: how will IT leaders efficiently support development with production-quality data while also protecting private, sensitive information? Given the storage and compute intensity of AI/ML, one particular concern is the demand that democratization would have on resources. Can users be supported sustainably? And in a world where zero trust security principles are fast becoming the norm, giving end-users or developers access to sensitive data is risky. But as more and more AI stakeholders grow throughout the enterprise, CIOs will have to find a way to support them in a secure, compliant manner, without breaking the infrastructure budget.
As the world’s largest software company, Microsoft sees the governance challenge associated with AI democratization very clearly. In May of this year, they announced the Microsoft Intelligent Data Platform (IDP) to provide a more seamless and intuitive experience for everyone from developers and DBAs to business analysts and domain experts. The three main “layers” of the solution are databases, analytics and governance. With Microsoft’s unique ecosystem model for this solution, the governance layer incorporates Delphix to provide automated data profiling and masking to address privacy and security requirements. Microsoft is building their IDP solutions to spur innovation and optimize usage while maintaining governance with data security and privacy mandates.
My view is that for AI to succeed at scale, the tech needs to be easy to deploy and use, efficient, secure, and scalable. While mainframes were only usable by experts in the 1960s, limiting their scope, iPhones today can be deployed by virtually anyone, even children with little or no technical expertise. Democratization means that the tech is built for everyone. AI needs to be “drag and drop” and easily run to discover new insights and support real-time decisions. As AI relies on data, expect the provisioning of secure, compliant and sustainable data to become the next challenge.
Most CIOs play an important role in their respective companies’ environmental, societal and governance (ESG) efforts. With this in mind, last year Delphix founded SustainableIT.org, a non-profit organization committed to advancing sustainability around the world through technology leadership. CIOs applauded the effort and nearly two dozen senior technology leaders from some of the world’s leading companies such as Morgan Stanley, BNP Paribas, Deloitte, GSK, and Choice Hotels joined the board of directors. Many CIOs own their companies’ digital programs, partnering with their line-of-business leaders on growth, customer experience, and other priorities. So, it’s not surprising to see them as key agents in driving ESG programs which are now strategic priorities at the board level.
As IT naturally plays a big role in almost every facet of a business, it should strive for more sustainable practices. When CIOs reduce the carbon footprint of their data centers, move to the cloud to reduce emissions, or hire more technologists from underrepresented segments, they are improving sustainability. IT also drives the implementation of enterprise systems supporting ERP, supply chain, manufacturing, HR, travel, facilities, and other operations where automation and governance can promote higher levels of sustainability.
To help CIOs and other business leaders improve sustainability efforts within their organizations, the SustainableIT.org board has sponsored a standards development initiative. At this time, there are two major types being developed: standards to be applied to IT and standards to be applied to the business and supported by IT. This work is in its early stages, with the first of the environmental standards due to be released this month and the social and governance standards to be released later in the year. The passion that our board members have shown for this work is heartening.
I expect to see quality assurance or quality engineering teams take stronger roles in sustainability, too. In their World Quality Report 2022-2023, CapGemini and Sogeti demonstrated a clear link between software quality and sustainability. Among their key recommendations, they advised that CIOs “bring quality to the center of the strategy for sustainable IT for a consistent framework to measure, control, and quantify progress across the social, environmental, economic, and human facets of sustainable IT, even to the extent of establishing ‘green quality gates.’” Of the 900+ senior IT leaders surveyed for the report, a strong majority felt that quality can contribute the most to social (82%), economic (74%), environmental (72%) and human (72%) goals for their businesses. This is highly encouraging.
On the other hand, with the rise of “greenwashing,” I also hear some skepticism toward sustainability. CIOs can help make sustainability a reality by instituting systems and measures that improve outcomes and track progress today. They can implement analytics that help their businesses find ways to reduce emissions, reduce the bias in their hiring, and achieve other sustainability goals that benefit the broader ecosystem. CIOs have a unique opportunity to help transform ESG from a marketing slogan into real, measurable results.
New challenges can serve as powerful motivators for change and innovation, and I am inspired by what some of our customers and partners are doing with technology. JPMorgan Chase is investing almost half of their entire technology budget — around $6 billion — in new digital products and services, according to their Global CIO Lori Beer. Nike recently launched .Swoosh, its web3-enabled platform for enabling its customers to explore and co-create virtual assets such as virtual shoes or jerseys. And US Foods recently launched MOXē, an all-in-one e-commerce app they built from the ground up using the latest technology. Everywhere we look, enterprises are transforming their businesses with software and data. We have the technology today to drive innovation while mitigating risk and driving higher levels of operational efficiency. By taking this approach, we can emerge as stronger, nimbler, and more sustainable businesses.