Combating Gen AI-Supported Attacks with Stronger Endpoint and Edge Security 

2024 Enterprise Trends Series

ETR Insights | January 12, 2024

ETR Insights presents an interview with the Director of IT for a large energy enterprise, who details the challenges of managing IT in the energy sector amid inflationary pressures, international cyberattacks, and shifting industry trends. This executive expresses frustration with the substantial price hikes from large tech companies, even as the value and effectiveness of their products and services diminish. They are integrating zero trust, AI, and data analytics into their operations, but remain skeptical of overhyped trends like blockchain, the metaverse, or quantum computing. The company’s cloud adoption is in flux, as AWS and Azure fail to live up to expectations. As a petroleum firm and therefore a public target, they note an uptick in cyber-attacks, both international and domestic. Our guest highlights standout vendors Cato Networks, Zscaler, and Pure Networks; read on to learn their perspective on the recent Okta breach, the need for thorough diligence and significant expertise before moving to a public cloud, and why improved endpoint protection and network edge security will be key to warding off increasingly sophisticated AI-aided attacks.

Vendors Mentioned: Amazon (AWS) / BeyondTrust / Cato Networks / Cisco / Cloudflare / CrowdStrike / Databricks / IBM / Microsoft / Okta / OpenAI / Oracle / Palo Alto Networks / Pure Networks / SentinelOne / Snowflake / Trend Micro / Zscaler

Budget Overview

The energy sector is particularly sensitive to weather patterns like El Niño, which can impact emerging pricing and influence budgeting decisions. Our guest expects a modest slowdown in IT investment on concerns around weather, though growth will continue overall. “The last three years, we've been punching about 15% growth in budget. This year, we're slowing down right now because El Niño's created some caution, but our planned budgetary increase is probably 12% to 13%.” This growth is driven in large part by acquisitions—integrating these acquisitions often requires substantial investment in IT infrastructure—and investing in new data analytics technologies and platforms. “We're also looking at zero trust and things like that, pushing that edge security point out to the desktop for remote access users, especially.”

Highlighted Guest Commentary

Inflation. This company is frustrated by companies like Microsoft, IBM, and Cisco, who have responded to economic conditions by raising prices well beyond standard inflationary increases. “In the past, we saw 5% increases year over year from a maintenance standpoint. Now we're seeing 15%. It's pretty frustrating getting the same product; they typically have reduced staff and reduced their effectiveness, and we're paying more for it.” They are considering moving to third-party maintenance providers, like a Service Express.

International Conflict + Cyberattacks. Our guest confirms a noticeable increase in nation-state cyber-attack attempts, particularly routed through countries like Brazil that are not otherwise restricted. “We geofence off Russia and China, but we do see other countries being used to bounce those attacks through.” They have concurrently seen an uptick in US and Canada-based attacks. “We do see a definite uptick, and particularly with ‘oil’ in our name, we get targeted like banks. Banks and petroleum companies are two big ones.” That said, their progressive security stance and layered approaches have proved effective to date, and even earned them a reduction in cyber insurance premiums. Vendor-specific insurance requirements are being relaxed. “[Cyber insurance companies] have gotten a lot more mature and are asking better questions. They have longer lists of potential vendors, and they've left open areas to say if it's somebody else, please explain who it is and what they do.”

Anticipated 2024 Industry Trends. Our guest proposes zero trust, artificial intelligence, and data analytics as most pivotal, in line with ETR data. In particular, they have concerns regarding implementation challenges around AI. “I think IT departments still struggle with how we're going to utilize AI from a technical perspective, like reducing technical debt, increasing services, or increasing zero trust. The vendors out there are still not what I'd call very mature; they have a lot of machine learning, but they don't have a lot of true AI built in.” Interest in web application security is also picking up.

Overhyped Trends. Blockchain, from our guest’s perspective, offers limited benefits. “We do a logistics part of that, but we don't really have blockchain needs.” They acknowledge the potential of AI but believe current excitement exceeds its practical value, and underscore the need for a pre-defined data security framework. “Am I going to have to build my own rails? Because if I am, it's probably never going to get done. I need a vendor to provide me a solution that has rails built in.” They offer no updated view on the metaverse or quantum computing, two other trends described as “overhyped” in last year’s survey results. “I haven't heard the hype on those as much.”

Cloud Adoption. The conversation addressed the slower-than-anticipated adoption of cloud workloads, and a consistent gap between expectations and reality in cloud workload utilization. Our guest theorizes that users have underestimated the complexity of any transition; they themselves have been dissatisfied with many public cloud services, have bounced between providers, and are even considering a private cloud. “We were moving away from AWS into Azure, to leveraging Microsoft in other areas. Power BI in the cloud happened pretty quickly, but then when we say we want to leverage Power Apps, it’s much slower.” They are presently evaluating Databricks and Snowflake. “I think the biggest thing that I see is there is a tremendous amount of diligence to do prior to moving to a public cloud, there is a tremendous amount of technology to try and understand, and then there's probably a pretty considerable lag in expertise on your team.” Any shift in expertise from on-premise to cloud skills is time-consuming and adds to the existing workload of the staff. Further challenging any adoption is our guest’s preference for CAPEX over OPEX. “For a cash-heavy company like us with no debt, that's not that attractive. We can spend millions of dollars on CAPEX, and it barely affects us.”

Security Trends. Our guest emphasized the growing sophistication of AI-aided attacks. “One of my big concerns about AI is how quickly and efficiently it can be leveraged by malefactors, whereas trying to leverage similar defenses takes much more time, effort, and expense. Your average malefactor’s ability to do a more refined attack goes up dramatically with simple AI capabilities, whereas ours does not.” This trend will necessitate stronger endpoint protection and more robust network edge security. “We've already got multi-factor authentication on everything, and two layers of multi-factor authentication on critical systems. I think the next natural stage is a true improvement in endpoint protection, and then secure edge [for] cloud or virtual networking.”

Okta Breach. “I saw things in Okta I was not comfortable with.” Prior to the breach, our guest was already dissatisfied with the company's responsiveness to customer feedback and technical concerns. “We removed Okta a year-and-a-half ago or so and went to another provider for single sign-on.” Microsoft Azure's single sign-on capabilities have matured significantly and offer a cost-effective alternative; BeyondTrust has a comprehensive product suite and high customer satisfaction, and is well-positioned to capitalize on Okta’s breach. “I could also [see] someone big like Cisco grabbing them. Cisco's products are pretty limited, and they tend to be one of those that likes to gobble up. I think you're going to see a lot of these companies that are doing well being contenders for other people to pull market share in.”

ETR Data: In the JAN24 Technology Spending Intentions Survey (TSIS), Okta (and Auth0) garnered 459 unique respondent citations stating a spending intention for the vendor. In aggregate, that spending intention Net Score came in at 35%, which is a new all-time low for the vendor. While still above average for the information security sector as a whole, the declining trajectory is evident. In addition, this survey period captured the highest historical level of negative spend intent, with both decreased spending and Replacement indications reaching all-time highs. This is a trend that warrants future monitoring.

Standout Vendors. Cato Networks and Zscaler offer competitive, comprehensive solutions. “I have used Zscaler before at a different company and loved it, but depending on what we're going to use it for, Cato has a little more complete solution. Those are the two that I'm most excited about because I think we get the most bang for the buck.” Pure Networks is a leader, particularly in SAN storage latency, and has otherwise earned our guest’s business with consistently positive experiences. “Rubrik is good. We’re also a Veeam shop, which we use in conjunction with Pure. Then Cohesity. Those are all really good products and good players.”
