R is for risk management
Resource and staffing constraints in 2025 will make it unsustainable to rely solely on reactive measures to keep data secure, leading to the need to prioritise risk effectively, Thales predicted.
"In 2025, organisations must transition from a purely compliance-focused approach to a more proactive risk-focused strategy. This requires a clear understanding of risk across key dimensions, including organisational, asset, and regulatory risks. Risk visibility must be prioritised according to its potential impact on the business.
"By leveraging key data risk indicators from the entire data estate, organisations can create an actionable risk view that empowers them to make informed and effective decisions to strengthen data security," said Todd Moore, VP, Data Security Products, Thales.
 |
| Source: Diligent. Landen. |
Leaders must also prioritise fostering a cybercentric culture and increasing cyber literacy through vigorous upskilling and training to ensure cybersecurity is a priority across all levels of the organisation.”
“Risk quantification will emerge as the strongest and most reliable tool for communicating cyber risk to your boardroom in 2025. Similar to how the insurance industry continuously improves risk assessment, security professionals must break down barriers and communicate how vulnerabilities in a tech stack can impact every part of the business," Landen added.
Landen said 2025 could be the year of more cross-organisational pollination to properly communicate cyber risks to the board. "Security teams have historically been siloed, but if they can tie their challenges and successes to customer impact, sales pipeline, or product development, those barriers will deteriorate and the impact, positive or negative,
of poor security will properly resonate with the board,” she said.
Diligent has found that companies with measurably stronger cybersecurity practices deliver higher financial performance than their peers - a total shareholder return of 71% over five years compared to 37%. Landen said: "To remain secure and see greater business growth in 2025, we can expect cyber to remain one of the No. 1 risks for most companies, and, as such, a priority topic in the boardroom. We’ll see boardroom cyber literacy and education become a crucial skill, a mandatory expectation of cyber experts on boards, and executive compensation tied to cyber performance.”
"Following high-profile outages from major vendors, there will be a growing demand and need to achieve organisational resiliency and lower risk. In 2025 and 2026, businesses will demand greater transparency and assurances from vendors, moving toward resilient, multicloud or hybrid architectures to reduce downtime and dependency on single providers. This underscores the importance of reliable infrastructure, particularly in sectors where cloud adoption is high and digital services are critical," said Jeffrey Kok, VP of Solution Engineers for Asia Pacific and Japan at CyberArk.
Businesses might not be able to turn to insurance in the future. "Cyber insurance carriers will need to reassess policies as AI and quantum computing introduce new risks. In 2025, expect carriers to revise their terms to include exclusions related to AI and quantum risks, much like traditional exclusions for acts of war. This will push businesses to adopt new cyber-resilient practices to maintain insurance coverage," said BeyondTrust experts.
Cryptography Bills of Materials (CBOMs) will gain traction, said DigiCert, a global provider of digital trust. "In response to escalating cybersecurity threats, CBOMs will become a vital tool for ensuring digital trust by cataloguing cryptographic assets and dependencies, enabling better risk assessments.
GRC stands for governance, risk and compliance.
S is for software development
AI
"By harnessing the power of generative AI (gen AI), the amount of code developed is set to grow at unprecedented rates. To cope with this surge, the demand for test automation will increase to ensure quality. Software engineers and DevOps teams will look to embed gen AI in various phases, such as test case generation, release management, deployment, platform engineering and planning.
"We can also expect more non-technical users will be able to participate in testing through gen AI-powered low-code and scriptless tools. There will also be improvement in the quality of code and software outputs, since gen AI tools are able to identify weaknesses and vulnerabilities in test scripts," said Damien Wong, Senior VP, APAC at Tricentis.
 |
| Source: Couchbase. Duddi. |
Gopi Duddi, SVP Engineering, Couchbase, said that the next generation of AI-powered developer tools will transform from simple code assistants into comprehensive development partners. "While current tools like GitHub Copilot excel at code completion, documentation generation and test artifact creation, we're on the cusp of a dramatic evolution in developer productivity tools.
"Within (2025), expect these tools to become proactive development agents that can simultaneously validate code as it's written, run simulations for edge cases, check for security vulnerabilities and verify data privacy compliance — all before code reaches the main branch. This shift from reactive assistance to proactive validation will fundamentally change how developers work."
Duddi suggested that developers who experience such capabilities — having complex security checks, performance optimisations and compliance validations automated in real-time — will not be able to return to traditional development workflows.
"This evolution is happening at warp speed. Features that would have taken a decade to develop are now being released in months. Organisations that fail to adopt these advanced development tools risk falling dramatically behind in both productivity and code quality. Success in the coming years will depend not just on having these tools, but on building development workflows that fully leverage their capabilities to create more reliable, secure and efficient software delivery pipelines," he advised.
The main branch of code refers to the default version that is sent when a clone is required, or new code is to be added.
Democratisation
Ricky Robinett, VP, Developer Relations, Cloudflare said: "AI will empower a new generation of builders and transform how developers learn to code. "The time to Hello, World has shortened, creating an incredible dopamine hit that sparks curiosity for people that wouldn’t have found coding even just a few years ago. With the help of AI-powered coding assistants, natural language prompts, and serverless development platforms, anyone with a little curiosity can begin to experiment with web and application development and create something.
"Imagine a small business owner can describe their needs in a conversational way, and an AI system can rapidly prototype and generate a custom solution, or a teacher can create almost custom interactive learning tools for kids that learn in different ways, without having to hire a developer. What used to be a multiyear journey for most people who
learn to create applications or websites, my eight-year-old daughter has learned in a few 45-minute sessions. 2025 is the year this type of learning takes off."
Microservices
Rita Kozlov, VP, Product Management, Cloudflare added: "2025 will bring a shift towards microservices and more focused applications, as AI becomes a widespread developer tool. AI-powered developer copilots will encourage
a more modular approach to app development. This is because distributed, purpose-built services can be more easily understood within the context AI assistants can support.
"AI tools struggle as code bases get larger and more complex, and context windows aren’t large enough to technically – or economically – support many monolithic applications. AI models can more effectively understand, generate, and maintain smaller, focused code segments and the usage of AI assistance will further accelerate the momentum towards
building microservices. A microservice handling user authentication or payment processing becomes a more scalable solution to deploy and manage."
Rewrites
Mohan Varthakavi, VP, AI and Edge, Couchbase, said that AI will drive complete application rewrites as companies move beyond bolt-on solutions. "While there is now a surge of companies adding AI capabilities to existing applications, particularly in content generation and marketing, sectors like healthcare with vast amounts of untapped data will need to move beyond simple AI enhancements. Companies will realise that merely using AI to make existing applications better is insufficient, and they’ll need to completely rewrite their applications to fully capitalise on AI's potential," he said.
"The long-term future is a comprehensive transformation where every application – small, medium and large – is going to be revised and rewritten using AI. This sweeping movement will mark a fundamental shift from bolt-on solutions to ground-up redesigns, as organisations recognise the benefits of building truly AI-first applications that can fully harness the technology's capabilities.
Security
With organisations adopting modern application development as a means of digital transformation, application programming interfaces (APIs) can only continue to multiply, Imperva noted. The company's research found that API traffic constituted over 71% of web traffic, creating a greater need for API observability.
“Determined threat actors will increasingly look to target APIs in 2025 as the pathway to access underlying infrastructures and databases. Only by building continuous visibility, categorisation, and monitoring of data that flows through APIs will businesses be able to protect themselves. By uncovering hidden APIs, software developers and security administrators can gain more accurate insight into how to address potential security issues,” said Nanhi Singh, Chief Customer Officer and GM, Application Security, Imperva.
Testing
"Change intelligence will become critical as organisations cannot test everything due to limited resources and time. It enables swift visualisation and evaluation of how code changes could alter their systems and software," Wong from Tricentis said.
"This enables teams to quickly identify potential impacts, assess risks, and make informed decisions about which tests to prioritise, ensuring quality is maintained even under tight constraints.
S is also for servers
Lenovo expects increased demand for AI-specific infrastructure design in 2025. "2024 has seen a stronger demand for AI servers, fuelled by the increased adoption of AI and generative AI tools. As these servers consume significantly more power and generate more heat than standard servers, we can expect to see increased demand for AI-specific infrastructure in (2025)," the company predicted.
"These servers are designed to handle the unique demands of AI workloads, with optimised storage and memory to enable high speed server-to-server communication, scalable storage systems and efficient power management. The challenge for businesses will be on how they manage the high implementation and maintenance costs of this infrastructure. Employing a hybrid cloud strategy, combining on-premises infrastructure with cloud-based AI services can help reduce these costs while providing scalability."
Explore
Read more 2-Z predictions for 2025 at https://www.techtradeasia.com/2025/01/the-techtrade-asia-2024-roundup-2025.html
Hashtag: #2025Predictions
No comments:
Post a Comment