It's hard to believe the year is over. It seems just yesterday we were preparing for our trek to the Microsoft Tech Summit in Washington, DC, but the calendar assures me that was 9 whole months ago. And while the HoloLens made a couple of splashes on our calendar this year, it really wasn't the narrative.
I've been part of the cloud drumline for 8 years now, and there has definitely been a visible progression of technology that has shifted from "traditional" (i.e., on-prem) management roles to cloud-based. It's safe to say the journey began with email and chat, way back in 2010. That transformation is still on-going, but had reached saturation and general acceptance by 2015.
But something happened at the beginning of 2015, and it started a general evolution that's continuing today, where a subset of datacenter technologies begins to move en masse to the cloud with each new year. That year, we started to see a greater breadth of technologies supporting cloud infrastructure, and conveniently, 2-way password synchronization with AD and Azure AD. Apparently this was a game-changer, because 2015 saw tremendous growth of Azure compute.
2016 saw organizations pivot to focus on the user experience. Microsoft bought a number of security and mobility companies and created the Enterprise Mobility Suite (since rebranded Enterprise Mobility + Security) and set about creating a common management interface and experience that really pushed the first major adoption of cloud services...where a service replaces a server. EMS quickly became the fastest selling product in the company's history, and what began in March of that year with a low-key product announcement became and industrial assault by the end of the year.
2016 also saw the creation of the Operations Management Suite, and...crickets. As a set of technologies, it just didn't land that year, in spite of having 6 months to crack through.
That changed with the new year, and we did more pilot implementations of Azure Backup and Site Recovery than probably any other product.
As the year wore on, though, we started seeing those early cloud adoptions back in the limelight with a nearly continual barrage of phishing and malware attacks, and a renewed corporate focus on shoring up protections.
So while collaboration owned the early cloud, infrastructure was tops in 2015, identity management & user experience dominated 2016, and infrastructure protection was huge in 2017.
Trying to predict the future is a fool's errand, but I do keep an ear trained for buzzwords and trends. The ones I've heard the most in the past couple of months have been:
Serverless
Compliance
Disaster Recovery
Phishing
What I find fascinating about these terms is they largely imply an evolutionary (rather than revolutionary) focus. Whereas in years past the focus seemed to be around paradigm shifts, driving down cost, and building infrastructure, this year it seems to be driving down mistakes. One security blog I read just announced that 2017 was a "dumpster fire" for security and data breaches. Obviously nobody wants to add their company's name to the growing list of high-profile disasters, but I cannot imagine a year wholly dedicated to security initiatives.
We know GDPR is looming, and we've been assured that the May deadline will not be adjusted. With steep penalties for data leaks, and attacks more frequently affecting the bottom line and the C-suite user, it's likely we'll see IT take a more aggressive focus on compliance controls.
Security is still a huge focus, and to that end I think we'll see some of 2017's security drives become much more critical in the new year. The concept of a CISO has bemused me for some time, as there are rarely corresponding C-level officers at any other portion of the IT tower. Sure there's a CIO, but there's no Chief Infrastructure Guy or Chief App Dev Person. Security is a component of IT as-a-whole, and Security-as-a-Service models can enable organizations to focus on delivering apps & content without having to be security experts. I'll be interested to watch the evolution of the modern corporate IT Security department.
Look to time-of-click protections and serverless deployments to reduce organizational attack surfaces. These may be the easiest solutions to a huge array of growing security concerns.
I've opined about training in the past, and as the frequency and sophistication of attacks continues to progress, I think we'll see a greater investment in corporate IT training in 2018. This will likely dove-tail with compliance changes and anti-phishing campaigns, as GDPR is as much about training as it is actually systems controls.
So what's the best way to prepare for the disruptive technologies that will define 2018? If you haven't implemented some sort of multi-factor authentication yet, start thinking about it now. In parallel, anti-phishing tech is paramount to a modern security posture. These two technologies will drive your compliance journey.