In The Pulse: Emerging Technology 2021 report, ISACA sought feedback on specific emerging technology trends, training, and implementations, to identify and establish a baseline of what constitutes an emerging technology, as these definitions can vary from person-to-person or between organizations. From my perspective as a security professional with a blackbelt in six-sigma, I was more curious about what other insights I could gauge from the report.
Figures 2 and 3 offer insight on the motivations for adopting emerging technologies from various professional practices and job role views. One could further categorize the motivations into four categories as follows:
- Financial (Anticipated cost savings, new revenue stream, the ability to reach new customers and a competitor’s successful implementation)
- Operational (Improved cybersecurity, increased agility, improved data privacy)
- Regulatory (Meet regulatory requirements, reputational value to your organization)
- Other
Financial reasons stand out as the key motivator for most in both different professional practices and job roles. I believe the main driver might be related to how business units are transitioning away from traditional cost centers into revenue-generating centers.
One survey question attempts to survey the key characteristics in an emerging technology. My expectation of emerging technology is that (i) it must be “recently new,” and (ii) has the potential to create a significant competitive advantage for businesses from changing the way we do business, making our world smarter, more efficient and safer. But what is the time horizon of “recently new”? The answer lies in the Gartner Hype Cycle shown below.
To determine the average time horizon for emerging technology, I reviewed the Gartner Hype Cycles published over the last five years (2016 through 2020) to tally the counts of different predictions provided by Gartner, organized into periods to mainstream adoption before those predictions transition from Technology Trigger into the Peak of Inflated Expectations phase. From the table below, we can observe that most predictions have a time horizon between 5 and 10 years, as highlighted.
In essence, if the emerging technology truly creates values, it will be demonstrated well before 10 years, or the technology will disappear.
More than 70% of the ISACA survey respondents indicate that the senior leadership team is moderately to very receptive of adopting emerging technologies, but cited cost of implementation as the key barrier to overcome. I attribute this to numerous factors, including:
- Requiring specialized skillsets that may be expensive to obtain in the current job market
- Increasing CAPEX and OPEX investments
- Lacking visibility or understanding on how to leverage the technology to generate new revenues or gain market share
- Following the existing organization’s risk appetite model (conservative organizations will be less inclined to be early adopters of leading and “bleeding edge” technologies
- Other unknowns
I am also interested in learning what opportunities are being pursued by organizations. I postulated that the respondents are more likely to be aware of what is NOT under consideration within their organizations than possessing knowledge of the current status of the specific implementation of the emerging technology, as that is likely to scatter across different functional groups. Re-evaluate the data set from that perspective, and we can quickly discern that anything below the average (calculated as 36%) will likely represent the opportunities, with the highest certainty indicated by the smaller percentage.
The top seven categories shown in the above table do match with my expectation. For example, cloud computing started its mainstream popularity in 2006, led by Amazon Web Services with its Elastic Compute cloud product, but the term was introduced as early as 1996 by Compaq. In contrast, at the extreme of the category, blockchain was introduced in 2008 by Satoshi Nakamoto, but as a product it gained mainstream awareness in 2017. It is important to credit cryptographer David Chaum for his early discussion on blockchain-like protocol in his 1982 dissertation, “Computer Systems Established, Maintained, and Trusted by Mutually Suspicious Groups.” Lastly, cellular technology, more often referred to today as 5G, was introduced in 2016, and entered general use by late 2018. These examples highlight an average mainstream adoption within approximately eight years, well within the time horizon previously discussed.
Having identified the opportunities, the next question an organization may have is how often should the identified emerging technologies be evaluated? Most respondents selected “as needed,” but I believe a more proactive approach to evaluating opportunities from emerging technologies should be correlated to the organization’s appetite for taking risk. If the time horizon for the identified emerging technology is between 5 and 10 years, it probably makes sense that progressive organizations should be reviewing for opportunities no less than annually to allow for time to implement any new solutions.
A last observation I thought was interesting was the experience level and training needs articulated by the respondents. Of the 15 technology categories, the training needs of the top seven categories were very closely aligned to the opportunities being pursued by the organizations and provided confirmation on the certainty of the identified opportunities being evaluated.
If I combined the experience level as an aggregate for the categories, I observed two major gaps: one between basic and novice, and another between intermediate to advanced, which lead to two observations:
- The respondents do not differentiate significantly between novice and intermediate, and between advanced and expert classifiers, and are likely to view them as the same.
- The gaps are significant at the basic to the novice/intermediate and reduce when transitioned from intermediate to advanced level. One can infer that individuals may struggle with training at an intermediate level. Accordingly, the most significant training investment for organizations will likely be at the initial chasm from basic to novice/intermediate level.
Questions 15 and 16 focus on development/training needs. What is especially interesting is the difference between the need today and those in the next 5 to 10 years (when we expect value-added emerging tech to grow), and how the same data set also provided a confirmation of the opportunities previously discussed (highlighted below).
Generally, I am cautious when it comes to drawing conclusions from industry surveys as it is impossible to know for certain if all respondents are interpreting the questions as we have constructed. Accordingly, it may be necessary to rely on multiple metrics or indicators that can potentially point to similar outcomes before drawing final conclusions. From this survey, the opportunities may lie in expanding usage of cloud-enabled Technologies, AI, IoT, blockchain and robotics, if they can be leveraged to create financial gains for the organization. As a security professional, I recommend developing further knowledge of AI, IoT, blockchain/digital currency and robotics, as those are very likely to mainstream in the near term.