There is a palpable feeling of uncertainty within central IT departments. Digital disruption is sparing no industry, and IT is still adapting to its more complex role in the enterprise, so there is plenty to be anxious about.

To get a jump on the year ahead, we asked several CTOs, CIOs, and IT leaders about what keeps them and their colleagues awake at night. The top issues—including perennials such as security, staffing, and skills training—should come as no surprise. The good news is that shining a light on these challenges is the first step toward overcoming them.

Here are the 10 most common central IT concerns for 2017, directly from the mouths of IT pros. This was an unscientific poll, and responses aren’t ranked in any specific order, but the list represents the issues that were most frequently and vehemently mentioned.


1. DevOps data breaches

This past November, a data breach at U.K. recruitment firm Michael Page exposed the personal information of 780,000 clients. Hackers accessed the data on a development server used by the firm’s IT provider. Parenting retailer Kiddicare and the American College of Cardiology also had private data stolen from testing environments this year.

Such incidents have many IT leaders concerned that oversights in their DevOps implementations could be the newest avenue for major data breaches in 2017. DevOps is rapidly emerging as the weak link in the security chain, according to some reports. In the rush to continually innovate and deliver, DevOps teams may introduce vulnerabilities by overlooking or dismissing company security standards. A recent survey found that 80 percent of teams aren’t doing any security testing at all during development. And organizational barriers between developers and security teams prevent the latter from enforcing policies. With 75 percent of organizations looking to satisfy their need for IT speed and agility in the coming year, the outlook is disquieting

To meet this new challenge, companies will need to apply security within the DevOps process, ensuring compliance with internal and external security rules without slowing down the primary mission of the DevOps team, says Reuven Harrison, co-founder and chief technology officer of Tufin, a security policy orchestration company.

This will be a challenge, as security is not inherently baked into a DevOps culture of ‘move fast, break stuff. We may see a major breach that gets tracked back to the DevOps approach, causing DevOps and security teams to become new best friends.



2. Security skill gaps

One of the most alarming security threats companies will face in 2017 will strike from within their own IT departments. The widening security skills gap leaves many of them perilously undermanned in the face of unremitting network attacks, according to a Spiceworks IT security report. And employers’ surprising reluctance to invest in security training all but ensures the gap will become a yawning chasm.

Increasing complexity has made protecting the enterprise network more difficult today than in the past. Since the security skills gap will pour into 2017, we expect automation to really take off in an effort to decrease manual, mundane responsibilities and regularly performed duties, and help shorthanded IT pros focus on what really matters.



3. The race to adopt AI 

Artificial intelligence (AI) isn’t just a hoary sci-fi trope. It’s poised to become a nearly $37 billion global industry by 2025, with AI investment predicted to grow by 300 percent in 2017, according to Forrester Research. This year alone, Amazon, IBM, Microsoft, and Salesforce have all released applications with AI capabilities.

Our appetite for data has grown to the point where humans alone can no longer effectively manage it. AI—which encompasses technologies such as deep learning, machine learning, and predictive and prescriptive intelligence—can be a big assist, giving business users previously inaccessible insights into the enterprise. Other AI applications can rewrite daily work practices, reducing workloads and increasing productivity, says Zach Holmquist, co-founder and CTO at Teem, a cloud-based platform that provides real-time analytics to help companies optimize collaboration.

AI adoption makes this list because it’s being driven by the line of business at this point, but it’s falling on CIOs to get it done. That means playing catch-up in terms of understanding the technology, determining where it fits in the organization, and most important, figuring out how to prioritize thin resources to get it all done.

But the alternative is even more troubling. Holmquist notes that more than half the companies in the Fortune 500 have dropped off that list over the past 15 years due to failure to adapt to digital business models.

As [AI] becomes more mainstream, early adopters will see a boom in creativity, productivity, and success in 2017. On the flip side, companies that struggle to adopt AI-powered solutions may be vulnerable to competitors outperforming them.



4. Securing the IoT

In October, a series of distributed denial-of-service (DDoS) attacks rendered several popular websites and services, including Twitter, Spotify, and PayPal, inaccessible for the better part of a day. The strikes targeted Dyn, a DNS provider. The company determined that at least part of the DDoS traffic came from Internet of Things (IoT) devices infected with the Mirai botnet malware.

Not surprisingly, the magnitude of this disruption has made IoT security a top concern for many companies. More than 40 percent of organizations are currently using or planning to adopt IoT, according to Gartner, with a growing shift toward consumer-facing implementations. Consider that, according to research from Ponemon, almost 70 percent of companies are unsure they could rebound from a cyberattack and the average cost of a data breach totals $4 million, and you’ve got the script for a real horror show.

The IoT is only as secure as the network it lives on, Holmquist says, and “recognizing this threat, companies will [have to] step up their security practices to counteract IoT targeted attacks.”

Almost 70 percent of companies are unsure they could rebound from a cyberattack and the average cost of a data breach totals $4 million.


5. Generations colliding

The workplace is on the precipice of a historic power shift. More than 3.6 million baby boomers are set to retire, and one-fourth of millennials will soon be promoted to management positions, roles they lack the people skills and emotional quotient to perform effectively, according to Randstad research. Add in the imminent entrance of Generation Z (those born between 1994 and 2010) into the workforce—a group that seems to only amplify the paradigm-shifting perspectives of its generational predecessorand you’ve got the makings of serious organizational upheaval.

Expect the younger generations’ influence to manifest in early adoption of emerging technologies, greater integration of social media, and the desire for increased work flexibility, all of which will dramatically impact IT. And with millennials increasingly overseeing their older boomer and Gen X colleagues—who generally feel the young cohort is unprepared and ill-equipped to be their bosses—all corners of the organization, including IT, will have a potentially combustible brew to manage.


6. Scarce resources

Not all the challenges IT will face in 2017 are new. With the percentage of central IT departments claiming to be understaffed increasing year over year, dwindling resources have gone from being noteworthy to becoming the new normal.

CIOs and IT departments will continue to feel mounting pressure to get more done and with an ever-shrinking budget. They’ll need to turn to BYOD strategies, cloud technologies, automation, and other cost-effective solutions to relieve their overburdened departments, says Peter Merkulov, vice president of product strategy and technology alliances at Globalscape, an information exchange software and services company.

In the end, technology efforts have to become more business focused, where CIOs are moving away from the total cost of ownership concept to a model where technology is evaluated not just on price, but as a business enabler that creates value and differentiation for business.



7. Defending borderless networks

Security is a perennial concern for IT, but the past two years have hit the industry with some of the biggest data breaches ever, and there’s no reason to believe the trend won’t continue into 2017. Protection grows more problematic as an increasing array of connected devices erodes the idea of a fixed network edge. It’s enough to make any IT pro reach for the Ativan.

The new year will bring only more devices to secure, so the daunting challenge will continue to be how to do that without hobbling the flexibility and increased productivity these devices enable for their users.

“One of the most overlooked security strategies for protecting the ever-expanding virtual perimeter is network segmentation and isolation,” says Jean Turgeon, chief technologist at Avaya, a business collaboration and communications solutions provider.

A good network segmentation security strategy will provide businesses the ability to create stealth segments that span the entire network—cloud-based and on-premises.



8. Fragile “Frankenstacks

Many IT departments are still operating with platforms of cobbled together, loosely connected, open-source components. The long-term viability of these “Frankenstacks” will need to be addressed in the new year, says Bill Bodin, CTO of Kony, an enterprise mobility solution provider. Otherwise, like the monster they’re named after, these creations will eventually turn on their masters with disastrous consequences.

“Companies that allow their developers to patch together their own pseudo-platform from a collection of poorly integrated open source projects are actually taking on huge risks in terms of expense and value,” he says. “Sooner or later the Frankenstack framework will start to collapse under the mounting pressure of keeping all of the disparate components integrated, secure, and up to date.”

The accelerating pace of innovation and the growing demand for enterprise mobile apps may be the breaking point that pushes many IT departments to abandon this hybrid approach.

In 2017, it will be imperative for organizations to get smart and seriously turn to a pre-integrated, full-stack mobile development platform that can take the drudgery and risk of maintaining a mobile back end off their hands.



9. Footloose talent

Employees’ attitudes toward their jobs have changed significantly over the past decade, and talent retention data isn’t encouraging. Roughly one-third of new hires quit their jobs after about six months, according to BambooHR. About the same percentage know within the first week if they’ll stay with their employer long term. Management isn’t immune to job ennui, either: About a third of leaders at companies with more than 100 employees are currently looking for their next gig.

Driving much of this early defection is a changing work ethos, one which IT leaders should heed lest they hasten the shrinking of their already diminishing staffs.

“In contrast to the past–from the late industrial era into the early computing era–today’s most sought-after talent operates like Renaissance artisans,” says Mark Bregman, CTO of NetApp, a storage and data management solutions provider.

They thrive by pursuing projects that promise discovery, growth, and industry recognition. For technology leaders, this means old notions of attracting and retaining talent are outmoded. In the new mode, they must engender projects and environments that attract creativity and talent.



10. Managing multi-cloud deployments

The proliferation of cloud-based services has made it easier than ever to bring together geographically dispersed teams and empower them to work together more creatively and effectively.

To meet the demands of this new workplace model, existing corporate data centers will need to evolve into a combination of on-premises, collocated, and multi-cloud environments, says Tony Bishop, vice president of global vertical strategy and marketing at Equinox, a global provider of interconnected data centers and solutions.

Multi-cloud deployments combine best-of-breed solutions and services from different cloud providers, tackling vendor lock-in and flexibility issues at the same time. CIOs will also have to address the need for a geographically distributed infrastructure to serve a global customer and employee base. CIOs will be consistently challenged to not only construct the right multi-cloud architecture, but also to distribute, shape, service, and secure it on an ongoing basis.


What concerns you in the coming year?

While you might share many of these concerns, this is hardly an exhaustive list of the issues likely to vex IT leadership in 2017. Please comment if you and your team have concerns that aren’t mentioned here. Chances are another reader has some insight to help you tackle your troubles.


Top IT concerns for 2017: Lessons for leaders

  • Security is a perennial concern and must continue to be prioritized in 2017.
  • Staffing issues such as retention and keeping skills current will be significant challenges, especially for growing companies.
  • A convergence of disruptive, complex technologies—including big data, IoT, the cloud, and AI—could overwhelm unprepared CIOs.