As every year, Gartner released their list of top technological trends in 2024. On a high-level some of these technologies will most likely serve your business and consumer needs. This blog will select a few trends, connect these to some (European) drivers of this change, and points to some of the area’s that will need attention in order to make this trend happen.

Gartner’s trends

Garner has of course its predictions for the top strategic technology trends in 2024 (see the image below). There are 3 main categories having overlapping trends:

• Protect Your Investment

• Rise of the Builders

• Deliver the Value 

Gartner’s view on the ‘Top Strategic Technology Trends 2024’

In this article we will focus on some of the trends in the ‘Protect Your Investment’ category. Our perspective is ‘to stay in business first’, and then enhance your operation. Gartner identified the following trends within this category:

• AI Trust, Risk and Security Management (AI TRiSM) Supports AI model governance, trustworthiness, fairness, reliability, robustness, transparency and data protection

• Continuous Thread Exposure Management (CTEM) A pragmatic and systemic approach to continuously adjust cybersecurity optimization priorities.

• Sustainable Technology A framework of digital solutions used to enable environmental, social and governance (ESG) outcomes that support long-term ecological balance and human rights.

• Industry Cloud Platforms Address industry-relevant business outcomes by combining underlying SaaS, PaaS and IaaS services into a whole product offering with composable capabilities.

• Democratized Generative AI The ability to create net new content (images, speech, text and more) and its widespread availability will democratize access to information and skills, making it one of the most disruptive trends of this decade.

In this article we will focus on the first three trends. 

Drivers of these trends

This year and before the European Government introduced quite some directives. Two of those are relevant for large organizations or organizations that are labeled some form of ‘critical’ to European society, are listed below.

• The Network and Information Security Directive (NIS2) This directive is applicable to two categories of sectors: ‘highly critical’ (think: energy and transport) and ‘critical’ (think: manufacturers of transport, ecommerce) It forces these organizations to have their responsibilities sorted out and their data and have their measurements in place and operational. Basically they need to be able to identify suspicious behavior in their systems, act accordingly, and be able to point to records that prove it was ‘business as usual’, prove it was an act outside their responsibility, and know what damage has been done, what information exactly left their control. This includes communication to the EU and individuals involved, where specific management roles are personally responsible.

• The Corporate Sustainability Reporting Directive (CSRD) This new directive modernizes and strengthens the rules concerning the social and environmental information that companies have to report. A broader set of large companies, as well as listed SMEs, will now be required to report on sustainability. Starting as a reporting directive, it will become mandatory for organizations to report on the sustainability progress made. It starts with measuring with the aim towards improving.

From the architecture perspective these directives are drivers to get the governance levels on par. Governance in terms of technology (for example: trace, store and be able to retrieve and act upon activity and traffic, technically measure the ecological footprint of an organization) and in terms of organization. These directives make it clear what kind of ‘director’ is responsible, or its legal obligations, it can be expected this person will put in place tooling to help prove his or her innocence, or how they are compliant.

What activity is actually driven?

Now we have two of the EU directives driving change and the technology trends of Gartner. What do these drivers influence in order to make these trends happen? One cannot just add some money into the AI TRiSM 'thing’. These ‘abstract’ Gartner trends are realized through more concrete value chain components ‘lower’ in the value chain.

A fruitful way of reasoning about this is the use of Wardley Maps. A Wardley Map shows (on the Y-axis) an Actor with a Need and a Value Chain that supports that need. Actually one can combine multiple actors, multiple needs and various trees of Value Chain components. The component closest to the actor is the most visible, the lower the ‘depends on’ relationship in the value chain, the more low-level the component. The X-axis is (in short) the evolution, how ‘new’ is the thing (more left) or how well defined and exchangeable is the thing (more to the right). 

The Wardley Map below shows an initial, high level ‘educated-guess’ how the trends of Gartner are supported/implemented by a subset of CTO/CIO priorities (gathered from from LinkedIn and CIO.com). These Gartner trends support the need for Governance & Security (Compliance) and dealing with the Organizational Responsibilities. In this particular case, the red arrows to the right are the named drivers that ‘push’ the maturity of these trends.

A Wardley Map from the viewpoint of CTO/CIO, in the context of the Gartner Tech Trends ‘24

Generally, organizations need to get their Governance/Security in place, on a broad range of facets of their IT operation. The European directives force the organizations to increase the maturity of the ‘Gartner trends’ mentioned. In order to increase this maturity, the underlying components or implementation of these capabilities must mature. The philosophy of the European regulations is that these force security and governance ‘by design’. In order to become compliant, organizations:

• Need to gain insight in their supply chain as well as their own IT operations. From a sustainability point of view as well as their security posture it becomes relevant to understand the supply chain. What  components do you implicitly trust, how do you deal with anomalies, how do you report on sustainability? What are the trends in the area’s of your suppliers? What are trends in your own components? This requires ‘data’ in order to get insight to report. It is unlikely all this data is already clearly available, comparable or even measured at all. Once you have this data, how do you improve next year on the data positions you hold today? Do you fully rely on your supply chain, or do you need to make an impact with your own IT operations as well? How do you determine the best strategic action balanced with your operations? Many questions, and a specific Wardley Map might help you get insight into your future possibilities, and at least have a discussion about how your IT structure actually works or contributes.

• Need to address their organizations and budgets. Responsibilities need to be appointed to roles, people are personally responsible for security and governance. This means that there needs to be a good enough baseline of security and insight for the daily ‘happy flow’ as well as plans on how to act in terms of a less happy flow. Possibly capabilities might be developed to harvest and analyze the metrics needed to prove the organization did its efforts to comply, and the responsible director is ‘off the hook’.

Action must be taken at concrete IT components that ‘implement’ the related capabilities (as stated in the CIO/CTO initiatives) in order to increase the maturity of these trends. Those are the likely next initiatives.

Consider increasing your observability of infrastructure as well as IT tooling (like auditing key activities) in order to be able to justify the use, (Cyber) Security, its security issues, and the proper way of working of all systems and algorithms. Most likely not all existing systems are up-to-par yet. This can contribute to a better CTEM as well as AI TRiSM position. 

If you need to work on Sustainable Technology, there are multiple strategies. If you would increase the use of cloud service, you can rape the benefits from the cloud provider becoming more and more eco-friendly. You can also evaluate what your organization can do by itself (not drawn in the map). Drive electric cars, reduce weight of packages/shipments, change towards a ‘greener’ datacenter or greener software. How do you measure the impact on the environment? Include it in your map, and you can more easily have discussions with your organization about alternative scenarios.

Reducing Risk is always top of mind in the realm of governance. Current IT landscapes have grown more and more complex over time. Reducing complexity in these landscapes (e.g. simplify) will make these landscapes less risky from a business logic perspective, as well as from the security and accountability point of view.

Your next steps

This subset of Gartner's predictions as discussed in this article make sense in current reality. Legislation as a driver for change will support these Gartner trends as described. Time will tell if organizations will massively focus on new user functionality or (also) choose for governance, security and the organizational aspects in 2024. Use your Map as a guide to discuss your options. Let’s keep an eye on the headlines in the meanwhile.