IDC Canada released its predictions for 2018 at the end of last year, but further elucidated on what that CIOs should really do about them in a presentation in Toronto last week.

While some CIOs mind be starting their year off scrambling to evaluate if blockchain can solve some business challenge (and that may be time well-spent), IDC Canada analysts served up a reminder that other areas of IT operations need executive guidance as well. Here are three takeaways that analysts really made sure stuck with the audience.

Don’t pass on PaaS

It’s time to really look at Platform as a Service. IDC Canada surveys show that spending on PaaS, a flavour of cloud infrastructure that includes Amazon Web Services or Google Cloud Platform, isn’t where it should be in Canada.

Tony Olvet, group vice-president of research at IDC Canada, shares that on average Canadian spending on IT categories represents three per cent of the total global spend. But it currently sits at only half of that for PaaS. That’s too bad because tapping into micro services is key to unlocking the agile methods that lead to digital transformation.

IDC predicts 2018 will be a turnaround year for Canadian organizations lagging with PaaS experimentation so far. Its surveying shows that six out of 10 mid-to-large sized organizations at least have PaaS plans. But with IT teams still showing lower concern than the line of business group, there’s some doubt these plans will be pursued with proper urgency.

CIOs could be using PaaS to advanced digital transformation initiatives across five different areas, IDC says. Culture and teams, technology, architecture, process, and business requirements.

With most major hyper scale providers either recently setting up data centres on Canadian soil to allay data sovereignty concerns, or with imminent plans to do so, many organizations are embracing public cloud infrastructure. Platform would be the next rung up the ladder of cloud maturity.

Don’t manage the cloud, evaluate the managed cloud

Perhaps also tied into the lack of adoption of PaaS in Canada is the complexity that comes with managing the cloud. Often cloud solutions are sold as a way to forget all about the nuisance of setting up infrastructure and just focus on core business activities. That’s a great story for end users, but less so for the IT department that finds itself juggling multiple cloud providers and somehow unifying that infrastructure with on-premises systems in the hybrid model that most organizations have settled on.

Enter managed cloud services. Spending is up and will continue to climb to $1.6 billion USD in 2021, IDC says. With organizations struggling to hire or train the talent they need to be their own cloud masters, they’re outsourcing to specialized shops. As Canadian firms scale the applications they run on the cloud to 50 per cent by 2020, IDC see a growing segment of managed digital services playing a role.

CIOs will need to direct the approach to managed cloud, IDC says, by evaluating providers and getting a grip on what’s offered, what it costs, and what level of service is needed.

You thought CASL was bad?

IDC - time to detect breach Canada
Length of time an average Canadian organization takes to detect a breach. (Courtesy of IDC Canada)

First the government cracked down on spammers with the Canadian Anti-Spam Legislation (CASL). Marketing departments have grumbled about the new compliance requirements, but have put new opt-in systems in place and found a way to avoid getting fined while still doing their jobs.

Later this year, organizations will have yet another government-mandated compliance requirement to keep in mind with data breach notification requirements kicking into effect. (Regulations could be implemented as early as this summer.)

That requirement will help coax Canadian firms to spend $200 million more on cyber security this year, bringing total spend above $2.6 billion, per IDC’s data. With many organizations taking up to a year (31 per cent) or more (12 more cent) to detect a breach, some CIOs might be looking to cut that time down to days or even hours.

IDC says CIOs also need to make sure all that new spending is helping towards the effort. Identify areas of greatest weakness and risk to make sure they are properly addressed, says David Senf, vice-president of infrastructure and cloud technologies.

Areas to start your search? Try risk management, where many Canadian firms pay little attention. Make sure your cyber security plan includes staff training (beyond the IT department), and don’t hesitate to call in help from outside services when needed.