IT Initiatives & Trends: 2023 IBM i Marketplace Survey Results

Perhaps the most consistent data point in the IBM i Marketplace Survey Results is the ongoing cybersecurity threat. Since 2017 cybersecurity has been the main concern for people planning their IT environment, and this year was no exception. 68% of respondents admit cybersecurity is their number one concern. With the continued rise in the activity of bad actors, cybersecurity is most likely destined to hold this top spot for the years to come. 

Coming in next is modernizing applications at 64%, which makes sense because IBM has been focusing on the message of moving to the cloud to experience the value proposition of cloud-based applications and services. IBM and their business partners have a strong portfolio of products/tools for modernization. Considering this concern jumped ahead of high availability, it is a strong message that organizations need to take a holistic approach to cybersecurity, where application security is always baked into the processes of modernizing applications.  

High availability/disaster recovery dropped to the third place of concerns at 56%, which is consistent with the results from previous surveys. The good news with HA/DR is that you have options and this webinar is a good place to start. Rounding out the top 5 biggest concerns are IBM i skills (or the lack of it) and IT and business automation.  

We understand cybersecurity is a top priority for most businesses nowadays. In the last several years, we have seen enough examples of organizations being brought to their knees by data breaches, ransomware, and security vulnerabilities to realize the devastation that may result from neglecting to prioritize cybersecurity. Even though businesses that place a high value on security appear to be deploying many solutions, the fact that 27% of respondents do not intend to implement each of the solutions surveyed is concerning. 

Despite database encryption being a major aspect of many regulations, 42% of respondents claimed they had no plans to apply it. It's possible that this is because some businesses don't view the data they're storing on IBM i as particularly critical, or because the customer is placing trust in applications they're using to handle encryption. 

Other worrying statistics include that 32% and 27% do not plan to implement multi-factor authentication or anti-virus and ransomware protection, respectively. Although deployment of both security measures is gradually increasing, it is important to highlight that lack of these controls may have serious repercussions when it comes to cybersecurity insurance coverage as both are mandatory requirements. 

Of all the IBM i security challenges organizations face, a lack of security knowledge and skills once again topped the list this year, further rising to 48%. Another 45% rate the constantly changing threats as their greatest challenge, a further increase of 3 points since 2022. These top two concerns reflect the current status quo in cybersecurity across all industries and boardrooms. 

It is also interesting to note that the third concern is about balancing security and business efficiency. Too strict security control will leave employees inefficient in their roles and in the pursuit of achieving business goals. Balancing security and employee experience is a fine act. Organizations need, powerful, capable tools that can launch our business into the future with its best foot forward, all while avoiding breaches and security gaps.  

Adaptation is the overarching goal in the face of cybersecurity threats. The ever-evolving nature of threats requires ongoing vigilance on the part of businesses. As a result, we expect that the difficulty of staying current with compliance mandates will continue to expand over time, especially as state-level regulations get more complex.

There has been a big shift in IT and industry over the past several years toward implementing long-overdue improvements in data privacy, and this movement has also gained substantial traction at the national and state levels. Increases in both the number of regulations and the severity of punishments for breaking them indicate that compliance mandates are here to stay. 

This makes it all the more surprising that 24% of our respondents do not adhere to any compliance mandates. While this figure has dropped significantly from 40% in 2018, it is still astonishing to see. If you are a privately owned business that does not need to comply with certain regulations, consider business continuity as your driving force to ensure you have the correct tools in place – what would happen if your employees couldn’t access the correct systems because of a cybersecurity attack? On average, 30% of respondents reported that they are adhering to at least one regulation, namely GDPR, PCI DSS, SarbanesOxley, and HIPAA.  

It is also interesting to note that more and more businesses are now mandated by state regulations, such as those in California and New York. In addition, as more and more countries adopt their national or regional regulations, the number of organizations required to adhere to these laws will only increase in the years to come. While Gartner estimates that 75% of world countries will be covered by privacy legislation in 2023, new laws and regulations are being enacted, especially in the EU (such as DORA and Data Governance Act), making it essential to be vigilant of the changes and adapt data governance policies accordingly. 

The amount of development that takes place on IBM i is always a particular area of interest in our research, and this year the development languages used for new development show some interesting trends. The usual leaders—RPG and SQL— remain at the top this year with 93% and 80% respectively, but RPG usage has skyrocketed. People have worried that RPG was going to fade away, but IBM’s modernization of the language has helped it become a viable language into the future.  It has the ability to call services, integrate open source, SQL and other modern techniques. Organizations are using modern, modular, free format RPG for new development, and they are pairing this with other languages, which is evident in the number of languages that have significant usage. 

CLP continues to rise another 5 points to 70%, and Java remains stable at around 40%. CLP helps with the automation efforts as there is basically a command line interface to automate just about anything on IBM i. The number of users for other, more traditional development languages stayed very steady – PHP at 21% and Python at 20%. 

We are seeing more and more people writing in a combination of languages, especially because modern RPG looks and acts like other languages, which also makes it easier to teach. This is promising for the future of IBM i and can help to close the IBM i skills gap.

Open source, much like the rest of the IT world, is always developing. The increasing number of open source tools being implemented on IBM i is evidence of the significant effort put in by IBM to increase the availability of open source alternatives. As a matter of fact, 22% of people answering the survey are acting in a fairly open manner. 

Key insights to note are the further 5-point increase for Git to 25%, and another 7-point increase in Bash usage to 20%. Jenkins and Ansible continue to appear in the table, and together, with the increased use of Git and Bash, is a strong indication that businesses are putting DevOps approaches to use in IBM i workloads. This is part of the modernization conversation and justifies why application modernization is in the top two on the list of concerns. 

Rational Developer for i (RDi) is regarded as one of the leading productivity tools for IBM i. As a result, we’re encouraged to see this year’s survey responses reflect a continued trend towards using RDi. 25% of respondents said that 100% of their developers use RDi, while 48% say that 50% or more of their developers use it. Application modernization efforts, newer IBM i operating systems, and new technologies like Merlin also contribute to this trend.  

The adoption of cutting-edge practices is essential for attracting and retaining talented software developers. Maximizing output requires modern and efficient tools like RDi. In today's increasingly remote workplace, the facilitation of collaboration through RDi is essential. It also facilitates the departure from legacy development methods and tools in favor of cutting-edge, forward-thinking alternatives. 

When asked, “Does your IBM i run fully unattended after working hours?”, 77% of respondents said yes. This is a trend that continues to rise ever since 2021 and is a clear manifestation of workforces shifting drastically to remote work. The percentage of respondents who say they attend to IBM i operations outside of normal business hours has dropped to less than a quarter. 

Even though 36% of people are worried about IT and business automation, interest in RPA has been on the rise (RPA). With RPA and IBM i automation, you can "set it and forget it" while still readily adjusting as your organization evolves thanks to the rule-based technology that underpins both. 

To help clients that run many instances of IBM i, IBM has been developing deployment and configuration automation tools. Ansible and Bash are two items used in helping with deployment and system configurations.  

Unsurprisingly, 56% of our respondents this year cited high availability/disaster recovery as a top concern when planning their IT environment. The good news is that nearly all of the survey respondents have one or more systems in place to recover from a disaster. IBM i customers have a multitude of backup and recovery options to match their companies desired recover time object (RTO) and recovery point object (RPO). 

It is worth noting that cloud backups are steadily increasing, along with the finding that 53% of organizations rely on recovering from good old trusted tape and 61% high availability. Customers today are also using storage point in time backups like FlashCopy. We expect to see a rise in the reliance on all different types of recovery in the future.   

Software-based replication continues to be the clear favorite when it comes to the type of high-availability technology that organizations use, but hardware-based technology holds steady with 22% of respondents using IBM PowerHA and a total of 33% using other forms of hardware-based replication. 

When we talk about modernization, we tend to talk just about application modernization, but how you implement infrastructure to be more resilient is a type of modernization that is just as crucial. 

With workforces shifting to a remote or hybrid work model, businesses need to adapt and support remote operations. Along with this comes a new set of challenges, which most notably include security concerns with remote access at 51% (up five points from 2022) and supporting employees working from home at 32%. 

To offset these challenges, IT and security priorities have shifted to ensure the new day-to-day operations are running smoothly. These top changes include automating manual processes at 34%, implementing layered security around VPN access at 32%, and leveraging IBM i Access Client Solutions at 34%. These findings, especially the automation of processes, correlate with the previous result that more businesses are running their IBM i fully unattended. 

It is also worth noting that one third of respondents said they made no changes at all to support remote operations. Since this is a consistent finding from last year, it is now safe to assume these companies were already supporting a large volume of remote employees or operations, even before the pandemic, and had the capabilities to support the further shift.