Hello and welcome to Protocol Enterprise! now: Enterprise software budgets don’t appear to be suffering amid economic concerns, but priorities are changing; what we can learn from the massive Optus data breach; and this week on enterprise moves.
Shop till you drop
The macroeconomic environment for enterprise software has not been good. SaaS giants like Salesforce, UiPath, and Twilio have been forced to lower their guidance, freeze hiring, or lay off staff, and some have seen their stock drop as a result.
But the need for IT tools and technologies that can help businesses with digital transformation has not abated, as executives at ServiceNow, Atlassian, and SAP told me. Even with all the chaos, the market for software is still, surprisingly, hot.
In other words, CIOs, CISOs, and CTOs are still spending money. Nearly 60% of tech leaders featured in Battery Ventures’ latest Cloud Software Spending Survey are already spending more than $100 million on infrastructure, applications and data, and the majority plan to increase their tech budgets.
Security and data are top of mind and budget for technology leaders.
- The majority of security and data budgets are between $1 million and $5 million, with the highest percentages of spending going to network and data security and warehouses, respectively.
- In both categories, about a third of technology leaders plan to increase their budgets by 10% or more over the next five years.
AI and machine-learning budgets are smaller, but will grow.
- While most AI/ML budgets are below $1 million, 68% of technology leaders plan to increase spending within the next year.
- Most of those budgets go toward data collection, model building, and data cleaning, which may indicate an appetite for developing more sophisticated AI/ML tooling in the future.
Cloud spending is showing positive signs, but the enterprise tech market is not entirely clear. Tech leaders are still cautious about their spending.
- As Salesforce CIO Juan Perez pointed out at Dreamforce last week, tech leaders are looking more closely at return on investment.
- That’s because about 67% of tech leaders have yet to see a significant return on their cloud investments, as reported by The Wall Street Journal.
A word I hear all the time as I have discussed that tech leaders “prioritize.” Spending isn’t going away, but it’s changing. Being on the right side of that spend can be make-or-break in this environment.
— Aisha is counting (email | nervous)
A MESSAGE FROM WEST MONROE
Digital is an ongoing process, not a destination. West Monroe knows that becoming a digital organization requires a mindset shift that affects processes and employees at all levels, and that success can be achieved if the organization is aligned with a clear vision.
Learn more
When a big hack isn’t really a hack
The use of application programming interfaces has grown exponentially as all kinds of companies have become software providers, with API services enabling much of the core functionality for modern apps and websites. But in some cases, APIs are also a great way to easily disrupt a major company, as was reportedly the case with Australian telecom Optus.
The data exposed in the recent breach of 9.8 million customer records included driver’s licences, passports and Medicare ID numbers, and Optus tried to characterize the cyberattack as “sophisticated”. But according to the Australian minister for cybersecurity, Clare O’Neil, it’s actually a good “basic“attack.
The incident reportedly started with the attacker accessing an API server that was not protected by any type of authentication. “This should be a wake-up call for many organizations about how easily this data can be obtained,” said Nick Rago, field CTO at API security vendor Salt Security.
It appeared the API in question was indeed “doing what it was supposed to do” when it called Optus’ customer records, Rago told me. That means the API was not “hacked” in any sense of the word, but was only used for an unintended purpose.
It’s also likely that Optus doesn’t know about the existence or functionality of this particular API. There appeared to be “a lack of visibility and a lack of governance, in terms of not knowing that this API existed in the first place and why it was exposed in this way,” Rago said.
In general, it is recommended that enterprises take a layered approach to protecting APIs, using a firewall or API security product, identity authentication, authorization for data access management, and encryption for on sensitive personal data, said Yotam Segev, co-founder and CEO of data security vendor Cyera. “Optus seems to have failed on every front.”
— Kyle Alspach (email | nervous)
Business moves
Jason Child left his role as Splunk’s CFO. Child will remain at Splunk until November, before joining a pre-IPO semiconductor company.
Lisa Krueger joined Yellowbrick as VP of customer success. Krueger was previously director of customer success at Couchbase.
— Aisha is counting (email | nervous)
A MESSAGE FROM WEST MONROE
Digital is an ongoing process, not a destination. West Monroe knows that becoming a digital organization requires a mindset shift that affects processes and employees at all levels, and that success can be achieved if the organization is aligned with a clear vision.
Learn more
Thanks for reading — see you tomorrow!