4 Trends That Will Shape App Dev in 2023
I was at a virtual employee event and hackathon when a guest speaker invited us to reach our hands up as high as we could. One of our executives got out of his chair and raised his hands high out of the video frame. “Now that is an innovative mindset,” the speaker said, clapping. “I never said you had to stay seated.”
As a developer, this memory sticks with me because I believe we are the key to driving innovation. Developers are the ones who constantly rewire and rethink how applications are built. But 2023 is delivering a plot twist. For the first time in over a decade, companies seem to be favoring efficiency over innovation. So where does that leave us?
These are the questions I asked my fellow engineering leaders when pulling together this post: What are the trends and technologies that will allow developers to focus on innovation in a tougher economic environment? What do companies need to be thinking about to help developers do their best work during an extraordinary year? Here is where we landed.
Companies Invest (More) in Developer Efficiency
Asking developers to “do more with less” is not new. Developer efficiency has been a key area of investment for years due to talent scarcity and constant pressure to “out innovate” the competition. But with the economic trends ahead of us, we will see even more money poured into developer software and tooling.
The goal will be to help developers maximize their time while writing secure and scalable code. Technology investments will need to seamlessly integrate into existing developer workflows and help them release features faster, without compromising security, compliance or reliability.
Language agnostic, low code and rapid deployments are all approaches that help drive developer efficiency, as well as allow developers to work in their language expertise. Software and tools in this space will continue to see traction, although only the ones that give 10x efficiency will win.
Commonly used components that involve some degree of security complexity, such as identity verification and consent management, are already being exposed as drag-and-drop objects. These tools keep existing developers productive while also helping new developers onboard and make meaningful contributions faster.
And it’s not just tools. The tension between innovation and security has existed since the dawn of code, but the “shift left” approach to software development is just now hitting the mainstream. I expect more investment to be made in tools that will help manage security proactively. We will also see companies bring engineering and security teams closer together to catch risks before they reach production, striving to apply “secure by design” principles.
Generative AI Goes Mainstream
Generative AI has captured developers’ attention around the globe, punctuated by the viral launch and growth of ChatGPT. Artificial intelligence has long been a key investment area for companies, but 2023 is the year we will see a rise in applications built on top of generative AI solutions. Starting with Google and Bing competition for ChatGPT, other areas where we could see companies integrate this technology include customer support, content search and aggregation, education and certainly smarter chatbots.
This means there is a need for tools and platforms to build and deploy models based on GPT-3, as well as applications to integrate with these AI models. With intense competition in this space, it will be important to take a deeper look at productivity gains from MLOps platforms and deployment tools to drive speed and scale.
Unless AI frameworks are combined with generative AI technologies to drive trust, and make the model response explainable, the adoption of GPT models in infrastructure, SecOps and other decision-making applications will be difficult.
While generative systems are being used to build proof-of-concept code generation tools, I remain skeptical of how far we can go with auto-generating useful code. But if generative AI gives way to more low-code opportunities, that would be a meaningful win.
It’s not just developers using AI. We should expect bad actors to get creative with generative AI solutions as well — using them to craft more advanced and believable phishing emails and chat bot dialogue. The DevSecOps function will see a meaningful rise, and best practices should include double-checking any code generation output against known vulnerabilities.
And with the rush to use these technologies in almost every application, it is becoming even more important that we embrace phishing-resistant factors like passkeys.
Passkeys Debut as the ‘Password Killer’
As technologists, we have known for a long time that we need to move away from passwords. With multiple connected devices and the digital explosion, passwords aren’t convenient. And they aren’t secure either. We detect a baseline of 50,000 breached passwords per day on our platform, up from 26,000 last year.
There has been a lot of innovation in this space, but nothing with broad-enough support to achieve mainstream adoption. The years of making passwords “more secure” has only added complexity for users, developers and help desks alike. Even at their best, passwords are still insufficient for securing user identities.
Passkeys are a new take on FIDO2 authentication that makes it possible to use biometric authentication (a face scan or fingerprint) across devices. Many users are familiar with this experience from unlocking their phones. Because passkeys are backed up to the cloud, it’s easy to take your identity from one device to another. They’re also more resistant to phishing and credential stuffing attacks than passwords.
So will passkeys replace passwords? I think we will make significant progress this year, as long as we focus on the developer experience. Passkeys are a delightful consumer experience, but it’s an experience consumers will never have unless we make it easy for developers to integrate passkey authentication into their apps.
The implementation of passkeys needs to take minutes, not days. If you want to see how this could look in practice, check out this blog with the main passkey flows and a demo created by identity platform, Auth0 (now the Okta Customer Identity Cloud).
Cryptographic Advancements Fight Data Leaks
Developers are tasked with implementing secure cryptographic protocols to protect sensitive data. The encryption process produces what experts call “an unintelligible blob of data” in order to secure its confidentiality. But encrypted data adds overhead for developers who need to decrypt data before searching it or using it in other applications.
It’s not uncommon for AI teams, and anyone who works with data, to feel constrained by data privacy and security efforts. (See again the tension between innovation and security.) With queryable encryption, these teams can continue to analyze and process encrypted data in a secure way.
Queryable encryption is a cryptographic advancement that makes it possible to execute search queries on encrypted data. Academics have pondered the possibility of a solution like queryable encryption for years. But with the introduction of features like MongoDB’s Queryable Encryption, the tool is starting to make its way into real-world environments for developers.
We will see more innovation in this space as privacy laws tighten around user data. One of the more interesting use cases could be allowing users to look up their own data, without allowing the service provider or its employees to access that data in plaintext.
This year will be one where companies hunker down. For developers, this means increasing focus on core products while making the right build vs. buy decisions on everything else. If you want to experiment with simplifying the complexity around identity management and security, you can try Okta Customer Identity Cloud with a free plan here.