Hello and welcome to Protocol Enterprise! Today: enterprise software budgets don’t appear to be suffering amid economic worries, but priorities are changing; what we can learn from the enormous Optus data breach; and this week in enterprise moves.
Shop till you drop
The macroeconomic environment for enterprise software hasn’t been kind. SaaS giants like Salesforce, UiPath, and Twilio have been forced to lower their guidance, freeze hiring, or lay off staff, and some have watched their stock drop as a result.
But demand for IT tools and technologies that can help enterprises with digital transformation hasn’t waned, as executives at ServiceNow, Atlassian, and SAP have told me. Even with all the tumult, the market for software is still, surprisingly, hot.
In other words, CIOs, CISOs, and CTOs are still spending. Nearly 60% of tech leaders featured in Battery Ventures’ latest Cloud Software Spending Survey already spend more than $100 million on infrastructure, applications, and data, and the majority plan to increase their tech budgets.
Security and data are top of mind and budget for tech leaders.
- The majority of security and data budgets fall between $1 million and $5 million, with the highest percentage of spend going toward network and data security and warehouses, respectively.
- Across both categories, around a third of tech leaders plan to up their budgets by 10% or more over the next five years.
AI and machine-learning budgets are smaller, but will grow.
- Although most AI/ML budgets are less than $1 million, 68% of tech leaders plan to increase spending within the next year.
- The majority of those budgets are going toward data collection, model building, and data cleaning, which could indicate an appetite for building more sophisticated AI/ML tooling in the future.
Cloud spending shows positive signs, but the enterprise tech market isn’t entirely in the clear. Tech leaders are still being cautious with their spend.
- As Salesforce CIO Juan Perez pointed out at Dreamforce last week, tech leaders are looking at return on investment a lot more closely.
- That’s because approximately 67% of tech leaders have yet to see a significant return on their cloud investments, as The Wall Street Journal reported.
One word I’ve heard consistently as I’ve talked to tech leaders is “prioritize.” Spending isn’t going away, but it is shifting. Being on the right side of that spend could be make-or-break in this environment.
A MESSAGE FROM WEST MONROE
Digital is an ongoing process, not a destination. West Monroe knows that becoming a digital organization requires a mindset shift that will impact processes and employees at all levels, and that success can be achieved if the organization is aligned toward a clear vision.
When a huge hack isn't really a hack
The use of application programming interfaces has grown widely as companies of all sorts have morphed into software providers, with API services enabling much of the key functionality for modern apps and websites. But in some cases, APIs are also a great way to easily breach a major company, as reportedly happened with Australian telecom Optus.
The data exposed in the recent breach of 9.8 million customer records includes driver's licenses, passports, and Medicare ID numbers, and Optus has tried to characterize the cyberattack as "sophisticated." But according to Australian minister for cybersecurity, Clare O'Neil, it was actually a pretty "basic" attack.
The incident reportedly started with the attacker accessing an API server that was not protected with any type of authentication. “This should be a wake-up call for a lot of organizations about how easy it was to get this data," said Nick Rago, field CTO at API security vendor Salt Security.
It appears that the API in question was actually "doing exactly what it was meant to do" when it called up the Optus customer records, Rago told me. That means the API wasn't "hacked" in any sense of the word, but was just used for an unintended purpose.
It's also likely that Optus didn't even know about the existence or functionality of this particular API. It appears there was a "lack of visibility and a lack of governance, in terms of not knowing this API existed in the first place and why it was exposed in this manner," Rago said.
In general, it's recommended that businesses take a layered approach to protecting APIs, using a firewall or API security product, identity authentication, authorization for governing access to data, and encryption for sensitive personal data, said Yotam Segev, co-founder and CEO of data security vendor Cyera. "It appears that Optus failed on every front."
— Kyle Alspach (email | twitter)
Enterprise moves
Jason Child left his role as CFO of Splunk. Child will remain with Splunk until November, before he joins a pre-IPO semiconductor company.
Lisa Krueger joined Yellowbrick as VP of customer success. Krueger was formerly a director of customer success at Couchbase.
— Aisha Counts (email | twitter)Around the enterprise
VMware and Mandiant warned VMware customers that hackers are taking advantage of hypervisor flaws to install backdoors that can allow access to lots of virtual machines.
New number just dropped: Researchers were able to build a chip using posits, a type of number that’s said to produce results four times more accurate than floating-point math.
A MESSAGE FROM WEST MONROE
Digital is an ongoing process, not a destination. West Monroe knows that becoming a digital organization requires a mindset shift that will impact processes and employees at all levels, and that success can be achieved if the organization is aligned toward a clear vision.
Thanks for reading — see you tomorrow!