IT Initiatives & Trends: 2024 IBM i Marketplace Survey Results

Cybersecurity ranking as the number one concern is nothing new – it has held that spot since 2017. However, in 2024, concern over cybersecurity has reached a record high of 79%, marking a jump from 68% in 2023. Clearly, IT leadership is more aware than ever of the devastating ramifications of suffering a cyberattack.

Coming in next is modernizing applications at 72%, marking an increase from 64% in 2023. This makes sense because IBM has been focusing on the message of moving to the cloud to experience the value proposition of cloud-based applications and services. Not only that, but IBM and their business partners have a strong portfolio of products and tools that lend themselves to modernization, including RDi, VS Code, SQL, RPG free, and Merlin. Additionally, IBM has a network of vendors that help promote the modernization of user interfaces. Considering this concern has firmly taken second place, organizations need to take a holistic approach to cybersecurity, where application security is always baked into the processes of modernizing applications.

High availability/disaster recovery was passed by IBM i skills – which now sits at 65% and speaks to the concern over the retirement of many IBM i professionals. The good news with HA/DR is that you have options, and this guide is a good place to start as we talk about HA/DR in the cloud. If IBM i skills is a concern of yours, we encourage you to read our guides on what to do when your AS/400 talent retires and what to consider before moving to the cloud.

We understand cybersecurity is a top priority for most businesses nowadays. In the last several years, we have seen enough examples of organizations being brought to their knees by data breaches, ransomware, and security vulnerabilities to realize that failing to prioritize cybersecurity is often at the root. Even though businesses that place a high value on security appear to be deploying many solutions, many are leaning too heavily on built-in security features.

With ransomware attacks on the rise among IBM i organizations, it is surprising to see that only 37% of respondents have antivirus and ransomware protection. The IBM i carries a reputation of being one of the most secure platforms on the market, however, threats are becoming increasingly advanced and more prone to target higher value victims like IBM i customers. Additionally, the IBM i has never been more interconnected – and therefore exposed if proper security measures are not put in place. Employing solutions that continuously scan your IBM i for malware is a necessity in today’s day and age.

To cover the financial risks of suffering a cyberattack, many are seeking cybersecurity insurance coverage. Gaining coverage can be difficult, and often requires organizations to have a variety of security measures such as MFA already in place. Even more are integrating IBM i with enterprise solutions via SIEM integration to help combat ransomware with improved visibility over critical IBM i messages and events.

Another underutilized security measure is exit point security – which only 43% of respondents have or plan to implement. As stated above, the IBM i is more interconnected than ever, and one of the best ways to prevent unauthorized access to your data is by taking advantage of exit points and programs. Exit points offer you almost complete control over who is authorized to access what, and how they can do so. If you have not implemented a commercial exit point solution, we recommend doing so in 2024.

Of all the IBM i security challenges organizations face, a lack of security knowledge and skills once again topped the list this year, rising to 49%. Another 45% rate the constantly changing threats as their greatest challenge. These top two concerns have ranked first and second respectively for the last four years and reflect the current state of cybersecurity across all industries and boardrooms.

It is also interesting to note that the third challenge is balancing security and business efficiency. Too strict security control will leave employees inefficient in their roles and in the pursuit of achieving business goals. Balancing security and employee experience is essential. Organizations need powerful, capable tools that can launch them into the future with their best foot forward, all while avoiding breaches and security gaps.

Adaptation is the overarching goal in the face of cybersecurity threats. The ever-evolving nature of threats requires ongoing vigilance on the part of businesses.

IT and industry have shifted over the past several years toward implementing long-overdue improvements in data privacy, and this movement has also gained substantial traction at the national and state levels. Growth in both the number of regulations and the severity of punishments for breaking them indicate that compliance mandates are here to stay. 77% of respondents reported that they are adhering to at least one regulation, namely GDPR, PCI DSS, Sarbanes-Oxley, and HIPAA.

This makes it all the more surprising that 23% of our respondents do not adhere to any compliance mandates. While this figure has dropped significantly from 40% in 2018, it is still astonishing to see. If you are a privately owned business that does not need to comply with certain regulations, it is still worth looking to widely adopted frameworks such as the CIS benchmarks for guidance in crafting your security strategy. Many of the guidelines set forth by these frameworks offer security best practices that, if adopted and maintained, can help you create sustained security success for your organization.

It is also interesting to note that more and more businesses are now bound by state regulations, such as those in California and New York. In addition, as more and more countries pass national or regional regulations, the number of organizations required to adhere to these laws will only increase in the years to come. Gartner estimated that 75% of world countries would be covered by privacy legislation in 2023, and new laws and regulations are being enacted every year, especially in the EU (such as DORA and Data Governance Act), making it essential to be vigilant of the changes and adapt data governance policies accordingly.

The amount of development that takes place on IBM i is always a particular area of interest in our research, and this year the development languages used for new development show some interesting trends. The usual leaders—RPG and SQL—remain at the top with 89% and 79% respectively. People have worried that RPG would fade away, but IBM’s modernization of the language has helped it become a viable language for the future. It has the ability to call services, integrate open source, SQL and other modern techniques. Organizations are using modern, modular, free format RPG for new development, and they are pairing this with other languages, which is evident in the number of languages that have significant usage.

Java remains stable at 42%, and CLP declined by four points to 66%. CLP helps with the automation efforts as there is basically a command line interface to automate just about anything on IBM i. The number of users for other, more traditional development languages stayed very steady – PHP at 18% and Python at 20%.

We are seeing more and more people writing in a combination of languages, especially because modern RPG looks and acts like other languages, which also makes it easier to teach. This is promising for the future of IBM i and can help to close the IBM i skills gap.

Open source, much like the rest of the IT world, is always developing. The increasing number of open source tools being implemented on IBM i is evidence of the significant effort put in by IBM to increase the availability of open source alternatives.

Some significant changes to note are that Apache Tomcat usage jumped from 22% to 27%, and Git usage dropped from 25% to 21%. Jenkins and Ansible continue to appear in the table, and together, with the use of Git and Bash, is a strong indication that businesses are putting DevOps approaches to use in IBM i workloads. This is part of the modernization conversation and helps explain why application modernization is near the top of the list of IT concerns.

This year’s responses show a balanced use of older tools from the Application Development Tool Set and more modern tools like Rational Developer for i (RDi) and Visual Studio Code. The Application Development Tool Set (composed of SEU, PDM, and more) came in first at 80%, followed by RDi at 56%, and Visual Studio Code at 37%.

It is not surprising that such a large percentage of respondents use the Application Development Tool Set, since the more experienced developers are familiar with these tools. However, the adoption of cutting-edge practices is essential for attracting and retaining talented software developers, and the wide use of more modern tools like RDi, Visual Studio Code, and Merlin points toward a bright future for young developers working on this platform. Overall, the results indicate that IBM i developers are using a range of tools for different development activities – and their choice of tool often depends on what they are most familiar with.

When asked, “Does your IBM i run fully unattended after working hours?”, 69% of respondents said yes. This is a trend that has fluctuated from year to year but has shown an overall consistent growth pattern since 2015. For the third consecutive year, less than a third of respondents said they attend to IBM i operations outside of normal business hours.

44% of respondents listed IT and business automation as a top concern in 2024, signaling an increased interest in RPA (Robotic Process Automation). With RPA and IBM i automation, you can "set it and forget it" while still readily adjusting as your organization evolves thanks to the rule-based technology that underpins both.

To help clients that run many instances of IBM i, IBM has been developing deployment and configuration automation tools. Ansible and Bash are two items used in helping with deployment and system configurations.

Unsurprisingly, 63% of our respondents this year cited high availability/ disaster recovery as a top concern when planning their IT environment, up from 56% in 2023. The good news is that nearly all of the survey respondents have one or more systems in place to recover from a disaster. IBM i customers have a multitude of backup and recovery options to match their desired recover time object (RTO) and recovery point object (RPO).

57% of organizations rely on recovering from tape and 61% have high availability. Customers today are also using storage point-in-time backups like FlashCopy. We expect to see a rise in the reliance on all different types of recovery in the future.

Software-based replication continues to be the clear favorite when it comes to the type of high-availability technology that organizations use, but hardware-based technology holds steady with 23% of respondents using IBM PowerHA and 13% using other forms of hardware-based replication.

When we talk about modernization, we tend to talk just about application modernization, but how you implement infrastructure to be more resilient is a type of modernization that is just as crucial.