Recently I had the opportunity to host a group of forward-thinking CISOs, CIOs and other executive decision makers drawn from several enterprise organizations in the United States. The goal was to frame perspectives on trends and priorities emerging within their respective organizations while co-relating to broader industry trends.  Specifically, the intent here was not to x-ray the requirements of any single organization, but rather to identify, detect and understand patterns that could, in turn guide priorities over the next few years, benefiting the broader community. The discussions unearthed a lot of commonality in terms of shared pain points and higher order goals, and I thank the leaders that participated in the exercise, as well as the talented members of my team that came together to create a successful forum for discussion.

This multi-part blog series will summarize prominent patterns and insights that emerged from these sessions, that would hopefully serve as guideposts for the next 12-24 months, mostly in the areas of security, cloud infrastructure and deployment models.

Over a few sessions, broadly we had the cohort dive engage along three axis –

  1. The first was to really examine their top pain points. Issues, that if solved, would help move the needle for their organization.
  2. The second was to look at their investment priorities and where they were likely to place strategic bets.
  3. The third area was more forward looking, evaluating emerging trends and the vision they were likely to subscribe to.

Broadly the discussion centered around a few major themes. A bird’s eye view of these themes is distilled and highlighted below:

#1. Gen-AI: Not surprisingly, Generative-AI was a hot topic of interest. Everyone recognized that this was a once-in-a-generation inflection point. Not only were the executives keen to explore credible use-cases and points of intersection with their organization’s mandate, but they were also personally keen to learn about the topic as well. There was also widespread acknowledgement that Gen-AI could be double edged especially in the context of security. Later I’ll touch upon how Gen-AI performed along the three-axes I’d mentioned earlier as it was an interesting output.

#2. Lateral Security: While seemingly a mature topic, it was also deemed the most practical and where the investment was likely the highest. There was widespread acknowledgement that the attack surface had increased driven by the distributed nature of applications. The complexity in the data center resulting from a combination of the legacy and the modern was also discussed.

#3. Virtual Private Clouds (VPCs): This was a novelty in the case of the private cloud. The leaders were unified in looking at ways to deliver agility to their developers, without compromising on enterprise infrastructure and security guardrails. In this context, VPCs were a topic of interest and something they definitely wanted to dig deeper into.

#4. Cloud Operating Model: Perhaps overly simplified or cliched, the terminology represents the coming together of a simplified, consumption-based (as-a-service) approach to infrastructure and security powered by automation. In this context, the value of an integrated stack and the nature of the experience that could deliver was of considerable interest.

What is interesting is that all these areas transcended verticals reinforcing how security is such a big ticket item in organizations, regardless of the industry they belong to.  Large enterprises accumulate complexity due to the size of their organizations, their distributed nature (many of them are global), leadership changes, quest for organic growth as well as their pursuit of inorganic growth through mergers and acquisitions (M&A). The security stack becomes quite complicated and the desired effect sometimes is the opposite of the best intentions. Integration of the security stack itself is nirvana to many organizations. A thoughtful and proactive approach is required in such cases.

I’ll expand on the four themes in a subsequent blog, perhaps digging a bit deeper into #1 and #2 above as they appear to have the highest resonance for now. Needless to say, the topics all have multi-year relevance.

Finally, as organizations head into 2024 and indulge in planning cycles for the next year (and beyond), I hope some of these insights will prove to be of value.