Like everything else in technology, the world of developers was turned upside down by AI in 2023. In a tech landscape brimming with anticipation, 2024 promises a paradigm shift for developers worldwide.
Another unpleasant hallmark of 2023 is its reputation for human error in costly security breaches. Verizon’s 2023 Data Breach Investigations Report declared that the human element is prominent in 74% of all breaches.
Mistakes such as privilege misuse, accidental data exposure, and falling victim to social engineering attacks stem from various human factors and the critical consequences of the compromise of secrets, lamented Ev Kontsevoy, CEO & co-founder at Teleport, developer of the Teleport open infrastructure access platform.
This prevalence of issues has resulted in organizations embracing biometric hardware and identity verification. But attackers, rather than solely fixating on stealing passwords, are now actively seeking a range of secrets embedded within an organization’s infrastructure, including browser cookies, private keys, API keys, and session tokens, he offered.
“To keep up with the pace of threats, organizations will recognize they must move to fully secretless authentication in 2024 to secure the wider spectrum of sensitive access points still vulnerable to threats,” Kontsevoy told TechNewsWorld.
He predicted that the widespread adoption of secretless access in the coming year will create immunity to human error and significantly hamper threat actors’ operations.
Forecasting Changes in Development and IT Security
Kontsevoy pulls no punches in describing the changing events software developers will have to execute. A significant change will involve a historic shift in how companies approach network security. Gone will be the IT-centric strategy of dedicated security teams.
“We’ll see the role of security teams shifting to those of consultants and auditors, with engineering teams responsible for choosing vendors and implementing security protocols,” he added. “Cybersecurity teams will be responsible for policy and ensuring that workflows and systems meet security requirements.”
According to Yoav Abrahami, chief architect and head of Velo at website building platform company Wix, we are in the midst of a massive information revolution sparked by OpenAI, and artificial intelligence tools will continue to augment other developer integrations, he shared.
These will include innovations in DevOps, data mining, and project management. Core web vitals will become more critical, forcing developers to put more emphasis on it, he observed.
“Developers are shifting from their local workstation to a cloud workstation. Those who make the leap will stay ahead of the curve,” he told TechNewsWorld.
Diminishing Role of Legacy Platforms
Leaders at Digibee see three major shifts for developers this year:
Low code will become increasingly popular as the AI boom continues.
Integration will reinforce better organizational design.
Legacy systems will be obsolete.
Parallels exist between AI and low-code use cases and adoptions. AI is helping organizations and individuals to analyze, interpret, and manage massive data sets, create initial drafts of content, find answers to questions, and read medical images such as X-rays, according to Digibee CTO Peter Kreslins.
AI is skyrocketing across all use cases. Similarly, low code removes much of the burden of writing actual code.
Providing high-level direction takes much less time, which low-code systems convert to code – similar to how generative AI systems, such as ChatGPT and Dalle-E, save time producing text or images based on high-level direction.
“As organizations look to expand software development to citizen developers to increase productivity and agility and to free developers to focus more on system design and architecture and less on coding, low code enables such initiatives. Therefore, we expect the use of low code will also increase in 2024,” Kreslins told TechNewsWorld.
Emerging IT Integration Practices
Legacy systems will become much less in existence in 2024. They can be described simply as systems that are in place and working.
“That is a reasonable but perhaps too charitable description. The reality is that legacy software is a substantial barrier to innovation and change,” Kreslins said.
The capability of modern integration platforms to integrate legacy systems with current systems enables organizations to continue using legacy systems that perform well as part of their modern IT stack if they prefer.
“Legacy systems are becoming obsolete, but they are expensive to replace in industries such as financial services, so integrating them prolongs their use and enables them to support innovation and change,” he noted.
Full Speed Ahead for AIOps
Artificial intelligence for IT operations, or AIOps, will play a critical role for developers this year. AI adoption is growing exponentially, and with AGI and technological singularity still in the distant future, humans will be a vital part of the AI story, according to Shahid Ahmed, group EVP of new ventures and innovation at NTT.
“Organizations must look beyond the next year to ensure they have the capabilities to enable new technologies of the future and strive to hit sustainability targets, he told TechNewsWorld.”
With the speed at which AIOps has advanced, the idea of a completely automated, lights-out network operations center (NOC) is quickly becoming an ideal. Ahmed predicted that over the next 12 months, networking companies will further embed AIOps into their broader operations to improve network quality, support engineers, and modernize infrastructures.
He expects this concept of Dark NOC will enter the lexicon of the networking world this year. While automation lies at its heart, human talent will be key to making it a success.
“Network providers will need to focus on upskilling, as well as ensuring they have made the necessary preparations from a technological standpoint – from standardizing APIs to optimizing data processes,” he added.
Devs Embrace Hands-On Security Innovations
Malicious actors will continue to target the software supply chain, realizing the ROI of compromising a single key target that has many downstream consumers, predicted Chris Hughes, chief security advisor at Endor Labs and cyber innovation fellow at CISA.
Attackers continue to realize it is far more effective to attack a single software supplier on the proprietary front or widely used open-source software (OSS) library than targeting individual organizations.
“In 2024, we will continue to see an uptick of software supply chain attacks as malicious actors look to capitalize on the complex and overlooked software supply chain
attack surface that most large enterprise environments have,” he told TechNews.
This reality will drive a continued push for themes such as Secure-by-Design and software liability products. Hughes noted that platform providers will continue trying to drive systemic changes by making secure platform changes from which many can benefit.
“Software liability will continue to be a hotly contested topic. With many concerned it will stifle innovation while others say it is well past the time software suppliers are held accountable for the products they distribute to customers and consumers,” he argued.
Cases such as Progress Software’s MOVEit breach and class action lawsuits are examples of what may come for software suppliers and a rise in false claim cases.
Meta Maybe Makes Coders More Proficient
As 2023 slid out of existence, Meta announced its Purple Llama tool, empowering developers, advancing safety, and building an open ecosystem.
Purple Llama is an umbrella project featuring open trust and safety tools and evaluations meant to level the playing field for developers to responsibly deploy generative AI models and experiences in accordance with best practices.
“Organizations will be focused on applying cybersecurity best practices to protect models and invest in safeguards to keep AI systems protected at all stages of the AI lifecycle, to avoid unintended behaviors or potential hijacking of the algorithms,” Nicole Carignan, vice president of strategic cyber AI at Darktrace, told TechNews.
She added that the best approach to ensure AI safety varies, requiring the active collaboration of diverse global experts and perspectives.
“We anticipate international cooperation and engagement across the public and private sector will be crucial in achieving AI safety globally,” said Carignan.
Although the project is based on an offering from Meta, anything that can help reign in the potential Wild West is good for the ecosystem, added Gareth Lindahl-Wise, chief information security officer at Ontinue, a managed detection and response (MDR) provider.
“We will likely see similar offerings from consumer and corporate-focused providers, and we are already taking our first steps into a new area of due diligence,” said Lindahl-Wise.
Teaming Up To Meet Regulatory Pressure
Perhaps software developers will feel the push for cybersecurity more directly than their partners in IT jobs. Their industry will see more regulatory pressure, according to Teleport’s Kontsevoy.
“So much of the world is now controlled by or through software. As a result, world-renowned cryptographic experts like Bruce Schneier have advocated for increased regulation, even going as far as to say we need to start regulating software the same way we do air space,” he said.
While there is no silver bullet — and he does not recommend regulating all software like this — there are undoubtedly critical software systems comparable to airplanes in terms of the potential damage that may need that approach, Kontsevoy added.
It is no coincidence that Gartner predicts that 45% of CISOs will expand their remit beyond cybersecurity due to increasing regulatory pressure and attack surface expansion, he offered.
“Expect this trend to begin in the new year and quickly snowball over the next five years,” he predicted.