Expert IT Predictions for 2019 and Beyond

February 07, 2019

Kevin J. Smith | Senior Vice President | Ivanti

Rex McMillan | Principal Product Manager | Ivanti

Ian Aitchison | Director, Product Management | Ivanti

Chris Goettl | Director, Product Management, Security | Ivanti

What percent of organizations will begin the move to Windows 10 in 2019? Is this the year we see a huge fine associated with GDPR? When will on-premise data centers be a thing of the past? Our IT pros discuss these predictions and more as they examine the trends that will shape the future of IT. Hear their predictions and share your own in this interactive webinar.

Transcript:

Erica: Hi everyone, welcome to our webinar today. We have quite the star-studded lineup and a unique format, so thanks for joining us. Back in December, we asked Ivanti's thought leaders and experts a simple question, really, just to predict the future. So now Ivanti talks a lot about trends and what's happening in IT right now, but we wanted to have a little bit of fun and get some predictions on what IT is going to look like in 2019 and also beyond. We have some long-term predictions here today. And the goal of this hopefully these predictions and insights will help you as you're shaping your IT department's priorities and budgets and strategies. So with that, let's introduce our distinguished panelists today. First, we have Ian Aitchison, our Senior Product Director. Hi Ian, how are you doing?

Ian: Hi there, Erica. I'm doing good, thank you. Great to be here.

Erica: Great. Next, we have Chris Goettl, the Director of Products for Security here at Ivanti. Good morning, Chris.

Chris: Good morning Erica, thanks for joining me.

Erica: Great. And then next on our lineup is Rex McMillan. He's our Principal Product Manager at Ivanti, and a lot of people don't know, he is a classic dad-joke extraordinaire. So Rex, can we expect any of your famous jokes during the webinar today?

Rex: I'm gonna be very serious this time, thanks for letting me come.

Erica: And last but not least, we have Kevin J. Smith who's our VP of Strategic IT. Hi, Kevin.

Kevin: Hi, Erica, looking forward to the discussion.

Erica: Perfect. So now that you all know who we are talking to today let me introduce the format of the webinar. Ivanti just released an infographic with the IT predictions that I mentioned before, and I'll pop the link that you're seeing on the screen in the chat window in just a minute. If you want to follow along to that infographic, you can. And so today we're going to have a roundtable panel discussion about some of the predictions that our experts made for this infographic, and we'd love to hear your thoughts and questions, so make sure to utilize the Q&A function at the bottom of your screen. And if you have any predictions of your own, we'd also love to hear those and potentially bring them up at the end of the session. So send any predictions you have as well.

So with that, let's dive in. As you might expect, many of our predictions revolve around AI and automation, so we're gonna tackle that subject for the first three predictions. And I thought we'd start off with a fire take from Ian, and his prediction was, "In 2021, the CIO that didn't have AI and automation at the top of their 2019 agenda will no longer be the CIO." So Ian's coming in hot here. Ian, talk to us about your prediction.

Ian: Yeah, thanks, Erica. It is quite a strong one, I suppose, isn't it? And when we did these sorts of predictions, sometimes they're quite sort of conservative and based in measurable facts and sometimes they're a little bit more passionate, maybe. This one I think is a mixture of both. I think this is both factually based and also kind of a rallying cry to the industry as well. The topic of artificial intelligence, or call it machine learning, and there's a whole collection of other phrases and terms we can bundle in around that. But that area of technology, studying large datasets and coming to conclusions, recommendations, and being able to interact with it in easy human form, easy phrasing and terminologies, a direction we're seeing things moving. There's a slight bubble effect at the moment, I think. There's no vendor outlet that hasn't raised the AI flag in some way and talk to the artificial intelligence and through 2018 there's lots of noise there. And there's an element of a bubble, but I think that's an element of an early bubble which is just leading to a medium-term reality that's really going to set in.

The technologies we're seeing now being used by vendors in their new solutions being used by organizations as part of their introduction, the new technologies of their businesses, those technologies are here to stay. They're not going to go away. They're not going to stop being used. So although there's an element of early hype, I think the important thing is those that are planning future, strategy, direction for technology in a business context, in an IT context, actually they must be right now focusing on what their first steps are down the artificial intelligence path.

And Gartner actually, one of the many analysts that like to comment on these things, had some great words about this recently where they're basically advising in 2018 strategic decision making should be starting now with their artificial intelligence plans. They were saying there will be failures, things will not all be super successful, but unless you start now, you'll be left behind by those that do. So the business or even the individual on the technical level that isn't starting to study, engage and plan around artificial intelligence now will be left behind by those that are. And that goes right up to CIO strategic level, if you're not building your plans now for 2019 to introduce the first artificial intelligence value into your business, then others will be. Your competitors will be or others who may look to take your role in a few years time will be the ones that are doing that right now.

So I think it's really important, think about machine learning recommendations, taken from multiple large data sets, those cloud and on-premise environments, recommendations that get people guidance on what to do. Think about as you work in tools being [inaudible 00:06:23] to interact with them using your voice with sentences, having guidance given to you in the context as you do things, suggestions on what the right next fit to take is in technology. And even out to interacting across the business with one of the earlier areas of AI, we're all seeing the introduction of bots. The conversational AI is one of the first leading indicators of that big shift in that direction, and we're all seeing lots of that popping up all over the place, and that's a great area for organizations to start.

The final point that I would say, and it says on here "automation," that's a really important part of artificial intelligence in IT for CIO because it's not just about what you recommend, it's in the action you take, and being able to take actions quickly. Being able to let machines take some decisions and perform IT actions across technology is really important, but don't forget to keep the human in the loop. If it's important, if it's high volume, if it's high impact, have human beings with their fingers on the triggers as well, monitoring what automation is doing. But if you're not doing it now, you really need to be doing it soon.

Rex: So Ian, when I first read your prediction, I was like, "I think I'm gonna have to argue with Ian. I'm not sure that you won't be the CIO in 2021 if you haven't started," and then I had to step back and say, "How do I see AI and its role here?" And really, I look at AI has three things, automation of process, gain insight of data, and really engaging with customers, and those are kind of three, you covered all three of those as you talked. I think I have to agree with you a little bit. If you haven't started down that automation path, gaining data insight, you know, the statistics I'm seeing is the number of projects in AI that are failing around insight right now is really high. But you may be correct in saying "Hey, if you haven't started, then you wouldn't have been collecting the data, and if you wait until 2021 to collect the data, maybe you're too far behind."

So maybe I'm more in the middle of the road here on you won't be the CIO if you haven't done AI, but maybe I can agree with you if you're saying that you haven't started and laid the groundwork. How's that for pushing back a little?

Ian: Thanks, Rex. That's good insight. No, that's great. And that's interesting to hear you call out those points. I think with new concepts in technologies it's sometimes easy to focus on the day-to-day keeping the wheels turning, and there are certain times when you need to consciously braze your gaze. I mean, we saw with the introduction of mobile devices into…you know, we're all very familiar with now, but there was a time when IT organizations didn't really have a mobile strategy. And then what happened, well, those that did have a strategy were taking an advantage, and the employees in the organization were bringing mobile devices in any way. It's a similar concept. It will overtake us. If you're not surfing the wave, then the wave will overtake you and I would say, being challenging, potentially drown you. So it's really important to be at the front of that wave. That's my view.

Rex: Yeah. And, I mean, in some of the things like using AI to do automation, I heard somebody say the other day, "If you can outsource it, you can automate it." And we know there's a lot of stuff outsourced today.

Ian: Yeah. Well, that's interesting, isn't it? If you do it internally and it just takes you a long time and it's repetitive, you could outsource it, and you're right, you could equally automate it and the automation will be heck of a lot faster than outsourcing. And faster means better value to people, better ability to work. Yeah, good point. Thanks, Rex. Who's next on the next one?

Erica: Okay, so going along with that, we have one from Kevin, and Kevin predicts that by 2023, 60% of all IT business processes will be fully automated. So tell us about that, Kevin.

Kevin: Well, I think everybody has a number in mind because this is something we're thinking more about. But when I ask organizations that we're working with where they are today…so let's start with that as a baseline. I get a lot of different responses, but I would have to put that kind of frame, the level of automation today in the 20% to 30% range. Some organizations are a little less. Some organizations are a little bit more. I rarely see one that is more than 30% or 40% automated. And by that I mean look at all the business processes that IT executes every day, all the things that are a normal part of the daily rhythm of IT. And there are many of those, and don't forget about the tasks because sometimes important work is done by a single task. So a business process would be a combination of tasks, a sequence of tasks.

And so because automation is becoming so important, Ian led off with that with the theme of AI and automation, is that now is the time that we have to have a plan to elevate the role of automation across IT. And so it could be, some will be at 50% in five years, and I was thinking in terms of five years by 2023. I think the most aggressive and innovative organizations will be in that 60% or 70% range, and it's important for people to realize that we're not automating just for automation sake. Is there is pressure on the IT organization in many different forms, and if we think about how do we address that pressure, how do we address those expectations, and those expectations are coming from the business and coming from our customers. And if you think about those expectations, those are things like speed. We have to do everything we do faster. It's agility. It's the ability to scale. It is the ability to innovate our need to leverage our people more.

And that's kind of the general term, but when I say leverage our people, what I mean is take the people of IT, take the people of the IT organization and enable them to spend more time on what they are uniquely able to do, providing advisory services to the business, supporting requests for transformation, working more closely with customers, working more closely with partners in the business around major initiatives in the business.

That is really important for IT to become more involved in the daily operation of the business, and we need to be thinking about that because that technology expertise of IT is so important across all the business. So one great thing we don't always think of with automation is that it will lift some of the burden from our people in IT to spend more of their time on more strategic activities or more business-focused activities. So look for that percentage to go up significantly. Will you get to 60%? I think most organizations will, some will get higher than that, some will get to 70%, some will get to 80% because I do think we'll have to be at a full 90% by 2028 or we have an even more ambitious goal beyond this one.

And then the last comment I'll make is that I often get the question, "Okay, we know we need to do it, where do we start?" And one big place to start, and I think Ian touched on this briefly in the leading segment, is that IT really needs to have a roadmap. IT really needs to have a plan for how they leverage automation in AI. It's not easy. We're not really sure where to start. The key is you just have to get started. So start with some simple elements and then start building that roadmap and look at the next three to five years and what processes can be automated. We're gonna learn a lot in doing that and then automating the first few business processes and then let's update the plan or update the road map. But without that plan in place, it's not clear where we're going, and as a result, we probably won't get there. So IT needs to build that and IT needs to show leadership, and sometimes that's gonna come from the CIO themselves, because the business knows we need to do it. They don't know how to do it. So it is a time for leadership, including the CIO.

Ian: Yeah. Hey, Kevin, I guess just on that, or when we hear phrases like digital transformation, that's a lovely buzzword, we all love a bit of digital transformation, a lot of that does come down to automation, doesn't it? It comes down to changing the way we were using technology to do it differently, to do it better, to do it in a way we haven't been able to do it before. Is that right?

Kevin: Yeah, exactly, exactly. And people, we use that terms so much, this transformation or the digital business, and many times people don't understand, "Okay, I like that. What do I do? What does that mean?" And automation is a great example of something that is real and something that can have a big impact and can start that transformation.

Ian: Yeah, and I'd always argue to keep the human factor is still very important, not only for protecting against out-of-control automation but also many business processes rely on communication with people and having human conversations as well. So I think we need to be careful not to over-automate. But the only way for organizations to grow and compete and become better at what they do, it's not by having nicer conversations with people. I wish it was. Truly it's about applying technology to improve. Good one.

Kevin: Yeah, great.

Erica: Okay. So next up we have Rex, and he predicts that by 2025 there will be AI experts embedded in finance, sales, and IT departments. CIOs will have created the Office of AI and Machine Learning and this office will have increased C-suite visibility. So now Rex, in the infographic, I remember reading you talking about this new department and how much other departments will rely on it to gain insights into their responsibilities. Let's hear more about that.

Rex: So I had to push my mine out a ways as we start talking about AI because it's such a buzzword and so much hype. Ian did a great job of describing the capabilities and powers. The part that's going to be really powerful with AI is kind of that cognitive insight. When you can get that deep view into your data and actually get usable data out of it. The reason I say that we're gonna have to have an office of AI and people are going to be in these different departments is because of the examples we continue to see with cognitive insight with you don't know the data and you don't know what should happen then that comes out wrong.

There's an example of a hospital who did a whole bunch of they've gathered the records, they did that stuff, they prepared, they did what Ian said, and they're preparing and saying, "Hey, we're going to use AI to determine if our protocol for treating pneumonia patients is correct." So they run all of the AI and they get done and it comes out and it has these rules and the rules are more accurate than what they do, except for in one case. And in this case, it says, "Any patient that has asthma should be sent to the outpatient." Well, the data that it was looking at indicated that asthma patients very rarely had complications with pneumonia.

Well, what really happened is that the hospital already had a rule in place that said, "If you have asthma and pneumonia, you go to the ICU." That little tidbit of rule was not in the data. So if you try to take and say, "Hey, we're gonna not get AI experts that live inside the discipline, we're going to miss these things and we're gonna have major failures." So as we move into this cognitive insight of data we have to say we're gonna get these proper people. They're going to have domain expertise. They're gonna know what was going on so that as we go across this it can really become valuable and usable.

Now, the flipside of this is that the European Union just recently proposed a piece of legislation that said that they want to provide the right to explanation which allows their citizens to demand transparency for algorithmic decisions, and I can hardly even say what that means. Now, if and as that legislation passes, that would mean that a citizen that gets a healthcare protocol would be able to say, "Why are you treating me this way?" And the business would have to be able to explain, well, the answer couldn't be, "Our computer determined this was the best process for you."

So there is a lot of interesting things that are gonna come. So I feel like the AI and cognitive insight, absolutely critical, going to get to there, but it's going to take people that have domain expertise that are embedded in that part of the business to really get those insights and that value. And when all my peers are silent, they're not understanding what I meant.

Kevin: No, I'm here. Hi, Rex, it's Kevin. You know what I was thinking about, and the theme that people need to keep in mind is just leadership. Leadership coming from IT because the business is not equipped to really understand how to leverage AI and how it can change, how we work every day in these departments. So I think the CFO, I like what you say there about the C-suite visibility because I think the CFO and the COO and the CEO know that AI is gonna change how we work, they just don't know how. And they don't know how to take the steps to get us to where AI is part of our daily style of working. And so there's this void of leadership, and I'm not sure that people understand how important it is that IT leads, that IT fills that void and shows finance and sales and marketing and support and other organizations how they can leverage AI and that IT becomes this kind of center of innovation and center of leadership that then moves the whole business forward, if that makes sense.

Rex: That's exactly, I love it when you restate and make it so it's… But yeah, if IT will take that leadership position of saying, "Hey, we have this data, let's store this data, bring me your domain expert and let's help him become smarter in what machine learning can do have him come and look through these rules." This office of artificial intelligence is going to build and really allow us to get insights that can transform businesses. This is what thought leadership is gonna come from.

Kevin: Exactly, it's gonna be fun.

Erica: Okay. So moving forward from AI and automation, we have a prediction from Chris. In 2020, companies who are unable to move away from Windows 7 and unwilling to pay for extended support from Microsoft will be exposed to critical vulnerabilities. Can you get into that, Chris?

Chris: Yes. So this is something that I think everybody is aware, it's this looming thing out on the horizon but it's always, it's out there a ways and people are thinking about it in the back of their minds but then it finally creeps up on you. Well, we're less than a year away now from the end of service of not only Windows 7 but also Server 2008 and Server 2008 R2. We've got customers starting to reach out to us already because they're contemplating continuing update support with Microsoft to make sure that those systems that are…they're still gonna be needed for a period of time.

So many of you, if you have systems that are identified that you need to hold on to for a period of time yet, whether there's a critical application running that can only run on Server 2008 R2 or the application side of it, the user-facing side of it can only run Windows 7 right now, maybe there's a project in place to try to transition that off, whatever the reasons for it. This is already starting to be one of those things that you should be budgeting for that you should have a plan in place and know how long you're gonna have to hold onto this.

So Microsoft had a blog post back in September 2018 that started talking about the move towards Windows 10. There was a sub kind of article within that subtopic within there talking about the extended security updates support that you can get for these operating systems that are gonna be out of service. Well, just recently, they had released actual pricing to Microsoft Enterprise customers, those on volume licensing contracts and things as well, and some of that pricing has now leaked out to the public, and there's some news articles going around, and they're showing that if you're on a Pro license, it might be x number of dollars per year, and each year that number will increase, but it may even double year over year. And it's only gonna go out until 2023.

So if you're a company that knows that you got to hang on to somebody's operating systems, you know that they're not gonna be…you know, you should be planning a few different things. One, if you have to hold on to these systems, how much can you segregate them from the rest of the environment? How much can you lock them down? What other security controls are you gonna put in place on those systems? Because if you leave vulnerabilities open and exposed on these, they are low-hanging fruit that attackers will be taking advantage of. Just because there's no updates continuing for Windows 7 doesn't mean that the next critical vulnerability that affects Windows 8 and above doesn't also affect Windows 7 in the same way.

We saw this with Windows XP shortly after the end of life for that. You know, WannaCry occurred. Actually, Microsoft had to take action and release certain critical updates for the Windows XP platform because there were so many left in circulation and they were exposed in making it so that propagation of malware using those SMB exploits would continue and cause a greater disruption to the world economy than just that one company alone. So this is one of those things where if you haven't already budgeted for this, if you're planning to keep these systems around, you need to make sure that you're doing that. It needs to be part of your Windows 10 migration plan, and it needs to be something that you've got a good action plan in place for it. Rex and I have talked a lot about Windows 10 migration and companies moving towards modern OS management. Rex, what are you seeing from the Windows 10 perspective right now?

Rex: Yes. So we see a lot of people in full force doing Windows 10 migrations. The Windows 10 migrations have been going well. The concerning part is that we look at statistics, you know, we should be two-thirds done with Windows 10 migrations and the industry is only about 50% done with those. So we're seeing a lot of people do them, they're being very successful. Microsoft has come out and made a lot of statements around application compatibility, they've launched their application compat program where if you find an application that has trouble, they'll actually assist you in making it Windows 10 compatible, they'll tell you what needs to change or they'll fix windows 10.

So Microsoft is super motivated and extremely committed to making sure that everybody can migrate. I think that XP...I've heard you say, Chris, "Any good security topic has a scare factor," and I think with XP we saw it, we'll see it again with Windows 7. If I know about a zero-day exploit that's never been reported, if I'm mal-actor and I have that today, I absolutely would not use it and I would not sell it or do anything until after the end of life of Windows 7 because that thing will be so much more valuable once the masses are not getting support anymore. So will we see a huge set of exploits? I don't know if it will be huge but there will be some that are critical. So that Windows 10 migration and Microsoft's commitment to it are paramount.

Chris: Yeah, absolutely. And I think you're spot on with the it's not gonna be a constant stream of everything targeting Windows 7, because the number of those aren't diminishing. But there's gonna be some very nasty ones, and I think to your point if somebody has one of those, they know that the end of life is looming, it's in their best interest to hold onto it until Microsoft is no longer committed to providing a fix for it. And that makes it so there's a lot of low-hanging fruit out there. And actually, if you look at…there was one of the Verizon data breach investigation reports a few years back was looking at exploits that had occurred globally. And if you looked at that, 99% of them were actually all the same top 10 vulnerabilities that were being exploited that were being observed in the wild. And the majority of those were on platforms that the fix was available on supported platforms but on legacy platforms that were no longer supported, that same vulnerability was being exploited regularly. So, again, it's one of those things where threat actors, they're gonna look for low-hanging fruit and your Windows 7, Server 2008, and Server 2008 R2 boxes are all gonna be falling into that category here in January 2020.

Rex: I feel better, Chris, if you give me that good scare tactic there. I feel it's a lot better security discussion now.

Chris: Yeah. If you can't scare them with the topic, then it's not security-worthy, right?

Erica: Okay. So I'm pretty excited about this next one from Ian. He predicted that by 2021, our identity will reliably and consistently be our own faces or other bios. Text passwords will finally be dead. And I like how he added "finally" in there. It's spoken like a man who's forgotten his password one or two times maybe.

Ian: One or two times, Erica, wow. This isn't so much of a prediction as a wish, this is me begging. But I also think it is inevitable. I think we can all see it's coming, but technology brings us loads of great things and it lets us work better and faster. But like everybody, my god, I'm sick of typing in passwords. So many different passwords and all of the clouds, independent applications, vendors out there, all managing their own different password systems so you're getting the connecting of them together. And at some point, you get things like the Chrome plugin that recently came out that will check whether any of your passwords that are held in Chrome have been stolen and are being used elsewhere. And you think, "Well, hang on a minute, what's that plugin doing with my passwords anyway?" It's just mad.

As you can tell, this one makes me really cross. I can't believe we're all still typing in passwords. And we're not all doing it, clearly, on or off on our phones and on some of our laptops and some of our desktop keyboards and things where we're increasingly starting to use bio-level identifiers. There are face recognition on mobile devices, it's really good. It's really good. So you can see a point where we won't need to be typing in a password, once for the first time or ever. It kind of connects to the concepts of identity, governance, and administration, the centering of everything around your identity. If you know somebody's identity, you can make sure they can and should do the rights things and not do the wrong things. So rather than sort of focusing technology on various different role-based permissions, maybe we should focus technology on the person and who they are and what they're allowed to do.

Wherever it takes us, and I know Chris will probably chip in in a minute because he has very strong security views, I just know people that come to work that come and use IT technology…or work from home, of course, we know that one is coming up too. We all have to log in and we go away on vacations and holidays and suddenly things pop up and it says, "You need to reenter your password," or you've got your password wrong or you've forgotten your password, and I'm so sick of it. And I think we're all similarly sick of it. And we're so close to that going away. And I'm just looking forward to even just two years away, 2021, no longer having to remember all those different passwords, because they drive me nuts.

Chris: Yeah. Ian, I think you're spot-on with this. So one thing that if you look at security, what's the edge of concern for the security team. Several years back, you could go to the team and you could say, "Okay, what are we worried about securing?" It was the perimeter, you know, "Here's our network, here's everywhere that we need to secure," and it was all about the perimeter. And then we started to get heavily into laptops and mobile users and moving towards multiple devices and really it came down to the endpoint being the edge of security. We've evolved a step further. Think about the fact that if you don't have your work system with you right now, what can you still do?

Well, I can go and log into any of our web-based systems that we use. I can log into my CRM, I can log in to access corporate data through a variety of different cloud-based storage solutions, I've got Office 365. The identity is now the edge of security. So the fact that there was a recent article about this thing called Collection Number One. I don't know if any of you guys read about this, but basically it was this massive collection of credentials that somebody was selling on the black market, and in reality, the data was actually two to three years old. But the interesting part about that is there's still a lot of credentials in there that are still perfectly usable. There have been a few cases over the years where a big vendor like an Amazon or somebody like that was called into question like, "Hey, it looks like users, their credentials have been exploited on your system, you know, you guys had a breach, didn't you?" And they're like, "Actually, no, it wasn't us."

Really what was happening is the same thing with this collection number one, if I get a credential from some small e-commerce site for you, what's more commonly gonna be your user name and password? It's gonna be your email address, and it's probably, for many users, gonna be the same credential, the same password you use for a variety of different accounts. So if I get it for one small e-commerce site, as a threat actor, I know I can go to the top 10 big sites out there that I really wanna access of yours, and I may get a hit on that because you use the same user name, your email address, and the same password that you've used for that site that I was able to exploit because it wasn't as secure. So passwords are really a very weak part, and it's down to less of the password and more of the user. The user is still the weakness. The fact that we don't want to remember [inaudible 00:36:49]…

Kevin: Just to chime in, so much of what we're doing today is being driven by convenience and people unwilling to take five seconds to do a task that's not absolutely necessary, so we're just gonna expect our devices to know us, and to save me that time and to save me the inconvenience of having to remember anything, because I can't and I'm gonna mess it up for sure. So this brings in that element, in addition to being very effective, the element of just convenience and saving time.

[crosstalk 00:37:24].

Chris: Yup. So the rise of two factor and password vaults.

Ian: And but it's so old fashioned, right, it's so dated as a concept that our ability to do things is based on a couple of text strings that identify who we are and prove who we are. And you can introduce two-factor authentication levels, but that just slows the experience down. I think the way passwords work now, passwords are like the VHS, video cassette of IT. This one's from years ago, I can't believe we're still using this. We were talking about AI coming in, when AI can recognize people's faces consistently, reliably, when it's very, very easy to identify somebody without asking them to remember whether there is an exclamation or a number or a capital letter and a string of words that they never see. It's crazy, and you know what the most common ticket into a service desk environment in, the most common help desk ticket, still I think is the password, forgotten password, password reset, even with automated password reset tools. What we're doing is putting a plaster over the wound, you know, we're saying "Okay, well, you forgot your password, you can reset your password now." And it's great stuff. I mean we help with that a lot. But ultimately, wouldn't it be great if none of us have to ever reset any password because technology knew who we are.

Chris: Absolutely, and that's where two-factor authentication and password vaults are going to make that transparent. It should be something more like a biometric or something about your identity that gets you authorized using that and behind the scenes, everything is just automatically taken care of. Passwords are complex, constantly changing, and the experience for the user is exactly as you're saying. But behind the scenes, it could be very…the passwords could still be there. They could still be very complex. If you actually went to that login and manually logged in, you could still use a password, but the user experience needs to change.

Ian: I think even what you're saying there, Chris, is still hanging on to that VHS video cassette a little bit. Do you know the ultimate password? It's my DNA. It's my live DNA, not a replication of it. We need to get to that point where it no longer is something we have to look up and double check and just check. It should be absolutely unique and it feels like we're very nearly there. Anyway, I'm talking too much, I'm sorry. I've had too many coffees. I'm gonna stop and I'm gonna let Kevin step in. Go on Kevin.

Erica: We can tell Ian is very passionate about this, obviously. So moving to our next one, Kevin predicts that by 2028 only 10% of IT staff will work in a corporate or regional office. That's really interesting. Let's hear more about that, Kevin.

Kevin: Well, I think that we have a combination of things that are happening here, and a couple of them are obvious. And I think one is really important for our discussion today. But, I mean, we're gonna look at people. And IT is a great example because IT staff are people that we sort of assume are going to be in the office. But we're gonna look back at sitting in an office as just so 2010. It's just becoming increasingly limiting, increasingly unnecessary, and increasingly unproductive. And one thing is is that the tools have gotten so much better, the tools that our talented people of IT, the tools that they use to operate IT every day, they have improved dramatically.

For example, the things we use to assume functions, tasks that could only be performed in the data center or on a server or on a desktop, and this is really the evolution that we're seeing, that's increasingly unnecessary. And we can perform administration tasks on a laptop or even on a mobile device, and any old-school conventions we had about, "Well, I can only do that if I'm in the office." Or "I can only do that if I'm tethered." All that stuff is starting to fade away. And the other dimension I want to mention which is really important beyond the tools, because the tools have to be there, we have to have the technology to do what we have to do. But there's a new issue that's arising in the workforce and in IT and that is mental health and quality of life.

This is becoming a very, very big issue for us, and managing our workforce and keeping our people healthy and supporting our colleagues and recognizing mental health challenges, there's so much pressure today. There's so many expectations today. There's so many demands on our time and demands on our family that one thing that the mobile workforce does is that when we do it right, it's good for everybody. It is good for the business. It saves a lot of money. It's very cost-effective and it's good for the individual because it can improve the quality of life. It does give us flexibility. It does allow us to do what we need to do from wherever we are whenever we need to do it. It gives us a new level of agility. It allows us to respond to issues or to business needs more quickly. It allows us to work more effectively with customers. It allows us to support our customers better.

And I'll give you one more example of what's happening with the business and that is the need for the business to operate 24/7. The business needs to always be on, and the only way that can happen is if IT is always on. And when we look closely, what that really means, so much of that immediately for our people, for our good people, our individuals that may have to respond to an issue or perform a task off hours, that is in most cases very doable if they have the flexibility of location. If they don't have to get on a train and go to an office or get in a car and go to an office or get on an airplane and go see a customer. You take that out of the equation, we are unlimited in what we can do.

And so when we do this right, my final comment would be that...and the 10% might be high, by the way, and it might be 1%. I don't think it'll ever go to zero because we need, as we talked about before, we need the advisory services of IT with the business. And sometimes that's a sit-down, that's a sit-down discussion. It could be a lunch together, it could be coffee together. But the human element will never go away. But when we get this right, the business is more productive, the quality of life of our people goes up and we are more effective in giving our customers what they need.

There's that pause.

Ian: Well said.

Kevin: While you're searching for the mute button.

Ian: It's nice to hear us talking about the mental health factor and the pressures of technology and the humanity side of it. As I referenced earlier, we're all striving to take the benefits of technology, but we shouldn't ignore the humanity and the impact of technology on humanity. I think there's many new stories about the effects, even downs of overuse of social media by young people, and then you get in the workplace and you're driven to do things faster and faster and faster. So credit to you for bringing out the human factor there.

Erica: Great. Thank you, Kevin. So our next one is from Rex, and it's "By 2020, Microsoft will be the largest AV vendor in the market. It will have over 50% of that market and will be recognized as the trusted AV vendor." So Rex, talk to us about that, please.

Rex: Well, this all really goes back to a objective that Microsoft came out with when they released Windows 10. And they came out and they said, "We're gonna have Windows 10 on a billion devices on the planet. And then they gave some key results that they expect it will be the most secure OS out there. It will be user-friendly. So they give items. So we're a couple of years into Windows 10 now, and every time we see a release and we watch them and we watch the market, Microsoft is making the moves to make it so that they can really have Windows 10 on a billion devices and know it's secure.

One of those things that's required for that is that they have to step up their security game. And 18 months ago, I would have probably called myself crazy at this prediction because Microsoft hadn't really gone and invested. But as we watch the industry trends now, we see what their investment and their stated investment into the security world is. They have really raised the bar, they've sat down, and to some of our earlier points, they are now monitoring and keeping track of so many things they're going on from our email to viruses found to what causes applications to have trouble, to what applications are malicious, they are now at least as good as the other AV vendors out there.

They're starting to pass the test, and their ratings are as good or similar to the other AV vendors, and their pricing model for people is very, very compelling. So Microsoft is gonna continue this play is my prediction, and we're gonna see them continue to focus in here. And it's all about that original goal that says, "We'll run Windows 10 on a billion devices." So as they go for that goal, this is just one of their cogs in the wheel that it's gonna make it so it's possible. Thoughts, Chris?

Chris: Yeah. So I absolutely agree on many points that Microsoft is. One of the biggest things is how do you simplify experience? Like there are certain things that they've gotten to the point where having the native tools is the optimal experience. Disk encryption is one that happened several years ago now. It's easiest to have the native Windows, the native Mac, the native disk encryption, be the security solution you're using for disk encryption. You may need some additional management on top of that to manage across a heterogeneous environment. But the same is now happening with antivirus. More and more companies are looking at antivirus and they're saying, "Okay, for how much we're spending over here for another vendor in the same space, we can get comparative protection. It's built right into the operating system and it's at no additional cost to what we're already paying."

So they're looking at that as, you know, you get that tradeoff of getting adequate value for the money you've already paid. So they're saving money on that too. It's not that every single security thing you do is gonna be the Microsoft approach to doing it, but more and more, we're gonna see a lot of native security tools, especially in the Windows platform, become more mainstream. Another one that I've been seeing a little bit right now and actually had some people ask me questions about recently is this new feature called Sandbox. For any of you who are more security-minded, if you download something and you question whether it's malicious or not, you're gonna take that, you're gonna spin up a VM, you're gonna put it into that VM and launch it there so that it's contained.

Well, Microsoft just launch this new feature called Sandbox. That makes it so rather than we have to spend the time and effort to do that, I could just click a button, it spins up a virtual machine built right into the operating system that I can basically run that thing that I downloaded in. Well, I mean, that technology very easily steps forward into areas like virtualizing things that are open through the browser or through the OfficeSuite or other things like that that other security technologies like Bufferzone and Bromium have been very niche in the market in delivering a virtualized container to do things that are questionable. And that's a lot of what we need moving forward is, tools like that being part of a native browser experience, being part of a native OfficeSuite experience. And this is an evolution that I think we'll see continue.

Rex: Yeah. Sandbox is very intriguing because three years ago when you'd talk to non-IT people and you'd say, "Yeah, I have a virtual machine right here. Let me just run it in that to test it," everybody looked at you like, "What?" And now Sandbox is part of the OS. So you're going to be able to simplify and as that workflows change and simplify, you're gonna be able to train your end users, "Got something questionable, click this button, run it there. It's the same as your machine. It's easy." But I agree that, you know…so now if I tell you, you know, if I act like I've drank a lot of the Microsoft Kool-Aid, I've been and I've listened to some of their product managers talk, and they have quoted numbers of the number of security events that they're tracking daily that they run an AI against, machine learning, their level of investment in this area is pretty much unparalleled. So I do believe in the next two years, we'll see them, you know, in the next year and a half, I think you will see them become a clear leader and trusted vendor in this space, so.

Chris: Yeah. Another interesting thing that was announced not too long ago here that Microsoft is even acknowledging that they may not be the best thing to do there, but they can pull something in that will natively bring that same experience. They've announced that they're gonna be bringing Chrome Frame into the Edge browser so they won't have a separate browser anymore, it will actually be Chrome built into the Microsoft experience. Google has done a very clear job of being the leader in staying up with and securing the browsing experience. So they've acknowledged that and they're gonna bring that more tightly in their experience as well. So I like the trend, the direction that Microsoft is taking. I think we'll see it continue quite a bit.

Rex: I agree.

Erica: Okay, so we only have a couple minutes left. We're gonna move on to this last prediction really quick. By 2020, operational and security teams will be forced to unify their efforts to provide end-to-end vulnerability management from assessment to remediation to more effectively manage the constant increase in security incidents. So Chris, take it away.

Chris: Yes. So one trend that we've been seeing for some time now is companies spending a lot of time and effort on prioritizing and identifying what vulnerabilities need to be resolved. But that's only half of the problem. So in a lot of cases, you've got your vulnerability assessment solutions whether it's Tenable or Qualys, Rapid7, whoever that might be. We started to see more and more, the process was kind of falling down where people were just saying, "Yeah, give me everything critical, and here you go operations team, go solve this."

Well, there's a lot of vulnerabilities that are being exploited that are actually only rated as important or even moderate. So we needed to get better at prioritizing. So whether it was pulling that vulnerability data into a SIEM platform, something like Splunk, and then taking additional threat feeds and trying to match that data together and get a better prioritized list of "Here's what we need to take action on." Or now there was an insurgence of these SOAR vendors that are adding additional value and analysis on top of the vulnerability assessment. They don't do the vulnerability assessment specifically, they take that, match it to additional data and analysis that they've run and give you a better output of "Here's what you need to focus on."

We still have the next step in this process which is how do we get operations to actually close their vulnerability loop. And that's things like patch management and secure configuration and the different actions that need to be taken to actually plug the vulnerability. Still today, we've talked to too many companies that you go to the operations team and they're like, "Oh, yeah, you know, security just handed off this latest vulnerability report," again, whether it's straight from the VM vendor or through the SOAR vendor or through the SIEM platform, this is the prioritized list of things that I need to go and fix. But it's all in the language of security, vulnerability, CVEs. How do I then map that to what I actually have to do?

Many teams are telling us that they're burning five to eight hours on average every time they get that vulnerability report. So this is an area where, getting back into that AI and automation discussion, this is where we can optimize and make our ability to secure our environments more efficient. Being able to take the vulnerability assessment and directly map that to the actions that need to be taken. Most cases, it's software updates. That's where most vulnerabilities are gonna reside. Yes, there is cases where yes, this protocol no longer is secure. We have to lock that down, or different things like that. But those are a smaller percentage overall. But it's the taking that human element out of it, that manual effort, that deduplication and mapping of data, this is one of those things that can absolutely be automated and needs to happen more and more.

So by 2020, the operations and security teams need to automate more of the steps of that handoff, where today a lot of times it stops as security gets to their prioritization, manual handoff occurs, and then operations spends time and effort and resulting in human error and friction between teams to actually try to resolve those vulnerabilities. And in the long run, time is wasted and we're left exposed for a long enough period of time where attackers can take advantage of those vulnerabilities that we've left open.

Kevin: Yeah. Chris, it's Kevin, it's a great point, and there's some natural synergies that we recognize, for example, the operational elements that are automating let's say service management, for example. And more and more, we're gonna execute that automation or we're gonna run those business processes or go through that process in a more unified way where we do a service management, execute a service management request together with security or together with an asset management task. And we'll probably look back on that in the future and think that it was kind of crazy to have ever done those things in isolation, which is how we've done it traditionally. And service management, for example, back to that, there's so much workflow inherent in service management and not always bringing vulnerability considerations or security considerations into that. We really want to increasingly execute, especially now that we're automating, create those automations where it encompasses both versus building to individual and separate automation elements and then we figure out later how to sync them up or integrate them. That's just not gonna work.

Chris: Yeah, absolutely. And that ISM is a beautiful bridge…

Ian: [crosstalk 00:58:40].

Chris: Go ahead, Ian.

Ian: I know we're really tight on time. I was just gonna support Kevin's point there, really. Security isn't an isolated thing, it's a process. It's a series of processes across the business. And security isn't reactive, it's proactive. All those things need it to be more connected into how we service the business as a whole and how we maintain and manage all sorts of changes and responses and forward-going plans so they're clearly connected.

Chris: Yup. And ISM is one of the perfect places to do that that brings process and workflow and closes the loop on the process end-to-end where I think today we're still working too much in silos. So I think ISM is a beautiful way to kind of tie those things together and make it a more unified process.

Erica: Okay. So we got some great comments and questions sent in the chat during this webinar. We are over on time, so we aren't going to cover those today. But I encourage you to check out the infographic on the webinar. We only covered a fraction of the predictions that that webinar covers, so reach out to us if you do have any questions as far as the webinar goes. We'll be sending out this recording in a few hours along with posting it on our website. Thank you again to all of our wonderful panelists for joining us, and I hope you guys have a great day.

Ian: Thanks Erica.

Chris: Thanks…