Check out all the on-demand sessions from the Intelligent Security Summit here.


Nearly all of us make — or at least at one time or another have made — New Year’s resolutions. (Whether we keep them or not is another story.) 

And, CIOs and other tech leaders should be making resolutions, too, said John Roese, global CTO at Dell Technologies.

As he told VentureBeat, many tech experts are making predictions for 2023 — on anything from CX platforms to AI large language models to the evolution or devolution of hybrid work — but that’s not enough. 

While “literally every technology continues to evolve and that’s not surprising,” tech leaders must commit to action, said Roese.

Event

Intelligent Security Summit On-Demand

Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.

Watch Here

Here are five resolutions every tech leader should make — and achieve — in 2023, according to Roese. 

1. I will not use cloud without understanding long-term costs

This one “sounds so obvious,” said Roese, but there’s a distinct pattern of organizations experiencing sticker shock as a result of incorrect cloud deployment. 

“You know your multicloud strategy is immature when you’re surprised by the bill,” he said. “That shouldn’t happen. The reason it happens is people generally have not focused on the long-term economic cost of cloud services.” 

This is because many cloud decisions are made based on emotion or technology needs, he said, or simply the pressure to push to the cloud.

But instead, cloud deployments should occur after cost-benefit and strategic analysis. “People didn’t do that; they just moved,” said Roese.

And, he emphasized, “you can do very wrong if you put the wrong functionality in the wrong cloud.” 

For example, every AI project has three stages: development, training and production. Development is best done in the public cloud, while training is a workforce exercise and inferencing is best done in edge environments. 

Predicting in the public cloud is a “terrible idea,” he said, because data has to constantly be moved, resulting in ingress and egress charges. 

“If you are running all your AI in one cloud, you’re actually doing it wrong,” said Roese. 

Instead, CIOs must have a level of sophistication in understanding different cloud environments. They need to think strategically about how to distribute IT capabilities across different cloud types and providers. Be detailed about which problem, and for which capability, the cloud is intended to solve, he advised. Then, fully identify short- and long-term costs. 

This can help CIOs target workloads to “the right long-term home,” he said. It also enables them to evaluate new cloud options and identify potential cost reductions over time. 

Simply put, “you need to get in front of this,” said Roese. 

2. I will define my zero-trust control pane

Zero trust is no longer just a concept; it will soon be a requirement. Frameworks such as those set forth by the U.S. government will “have a global ripple effect across critical infrastructure industries,” said Roese. 

The ZT concept is “complex, difficult, hard to do, and there are almost no real world examples yet,” he said, but “we have to get there, even though it’s hard.” 

Undoubtedly it will be a long, multiyear shift, but it’s important to prepare now and ensure that control panes are in order. Have an authoritative identity management, policy management and threat management framework to do zero trust properly, said Roese.

Don’t just randomly choose tools; security must be “consistent and common.” 

“This is a very tactical move,” said Roese. Zero trust “completely bends the curve when it comes to your cyberposture.”

3. I will establish early skill sets to take advantage of quantum

We’re seeing many new theoretical use cases for quantum computing — and just about every industry (if not all) will find it useful in some way. 

Capabilities of quantum computers are “doubling and doubling again,” he said, and are currently in the hundreds of qubits range.

To take advantage, “you need to know who on your team is understanding quantum and actively applying it to the business,” said Roese.

Identify the team, tools and tasks you’ll devote to quantum and start experimenting. This will set teams up to more quickly learn new languages and capabilities of quantum, which will be critical in 2023, said Roese.

In fact, the technology is evolving so rapidly, he noted, that “I would not have made that recommendation three years ago.”

4. I will determine where my quantum-safe cryptography risks lie

Still, while quantum presents great opportunities, there will be threats, too. 

Attacks are coming from nation-states and bad actors actively trying to capture and archive encrypted traffic, said Roese. And, while they aren’t decrypting it yet, they are gathering and storing data on the assumption that when they have a sufficiently powerful quantum computer, they will be able to. 

Case in point: In 2022, the National Institute of Standards and Technology (NIST) selected the first few viable post-quantum algorithms, and these will begin to emerge in 2023.

So, now is the time to inventory crypto assets and identify which encrypted data is most exposed to public networks and possible capture by bad actors. By knowing where your organization is using cryptography and where the risk is, you’ll know where to start when tools become available to change algorithms, said Roese. 

5. I will decide what my multicloud edge architecture needs to be

There’s no doubt that edge is expanding rapidly in a multicloud world. Still, because it is such a new technology, people are building it out “randomly” and without strategy, said Roese. 

2023 is the year where CIOs must explicitly define their edge strategy for multicloud; if they don’t, there will be a “chaos of random acts of edge.” 

There are two options: The first is to treat edges as extensions of clouds. This model is common today, with each cloud having an equivalent edge (for example, GPCP-Anthos, Azure-ARC or AWS-EKS). And, this can work well if you only have one or a few clouds.

But what if you have many? 

This leads to option 2: Treating edge as a platform for all clouds to share. The industry is beginning to build out a stable, shared edge platform that can be used by any software-defined edge (for instance, ARC, Anthos, EKS, IoT apps, data management tools). 

Even though multicloud edge platforms are just emerging, it’s critical to make a decision now on what you want your edge to look like in the future, said Roese.

“Getting edge right and making decisions about architecture is a decision that has to happen,” he said. 

Ultimately, Roese noted of all of these resolutions: “These are not just nice to know; leaders have to make conscious decisions about them. If they don’t, they may find themselves in uncomfortable situations.” 

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.