Developers are used to change. No. It’s a job requirement. Being able to adapt is arguably just as important as your ability to produce clean, secure, and well-documented code.
The software development industry has always existed in a state of flux. Hot new languages and frameworks displace those that have fallen out of favor. New programming paradigms emerge. Regulatory and threat landscapes shift. It’s life.
2023 promises to be no different. And yet, different. For the first time in over a decade, the tech job market looks precarious, as macroeconomic trends force businesses to tighten their belts and reassess priorities.
We spoke to some of Okta’s leading developers and product experts for their take on the year ahead. And while they acknowledge the bumpy roads before us, they’re also really excited about the maturation of new technologies that promise to change how developers work.
WebAssembly Will Make Significant Inroads
HTML5 revolutionized the way developers create rich, visual content for the web. It’s hard to overstate its significance. For the first time, developers could use native web technologies to build dynamic browser-based experiences.
It was a turning point for the Internet. With the legacy albatrosses of Flash and Silverlight discarded, web developers could finally tap its raw potential. The browser could amaze and enthrall. Ever since then, we’ve asked: “How can we do more?”
Enter WebAssembly (WASM). Introduced in 2015 by the World Wide Web Consortium (W3C), this technology allows developers to eke even more performance from their web-based applications, and arguably more importantly, gives them the freedom to develop for the browser using the language of their choice.
In short, it’s a language-agnostic virtual machine that delivers performance equivalent to other compiled languages. Or, put another way, it’s fast. Really, really fast.
Developers write code using a language of their choice — with Rust a popular option. The WASM compiler then produces a machine code and human-readable equivalent. The latter is broadly analogous to assembly language, although looks far removed from the x86 code you wrote during your undergraduate years. Squint and you might mistake it for Clojure or Common Lisp. It’s beautifully parenthetical, with instructions structured in a hierarchical indented tree format.
That was the high-level explanation. For the sake of expediency, I glossed over some important nuances. Most importantly, I should make it clear that WASM isn’t just for the Web, although that’s a popular use case. The WebAssembly System Interface (WASI) APIs allow you to use WASM in the places you’d normally use things like Node.js.
I should also point out that language support remains patchy. Some languages have WASM compilers for the web, but not WASI. Others support WASI, but don’t make it easy to write browser-based code. As with most things, your mileage will vary.
Caveats notwithstanding, WASM is currently on an upward trajectory, and Joël Franusic, CIAM Specialist at Okta, expects its use to explode in 2023. Growing numbers of businesses and individuals will use WASM in their products and projects.
“More and more languages can now compile to WASM. Admittedly, support isn’t quite where it should be — but it’s so close you can almost taste it,” he said.
He’s not wrong. Most languages have some degree of WASM support, whether via native tools (like Rust’s wasm-pack) or third-party alternatives, like TinyGo for GoLang. That support is only growing.
Businesses Will Invest in Developer Efficiency
Developer productivity is always in vogue. Open Hacker News on any given day and you’ll find a new framework or tool that promises to shorten the time between releases and accelerate the development of new features.
Admittedly, many of the biggest facilitators of improved developer productivity emerged during the most fertile years of the tech industry.
The halcyon post-2010 era, when VC money flowed freely and technology businesses had seemingly-limitless resources. coincided with the mainstreaming of DevOps and CI/CD, the emergence of cross-platform development frameworks like Flutter and React Native, and the growing popularity of microservices-based architectures. And that is, by no means, an exhaustive list.
This push to GSD (get stuff done — you can substitute ‘stuff’ for your preferred curse word’) isn’t new. But 2023 will bring a greater urgency for businesses to adopt technologies that help developers quickly write secure, scalable, and performant code.
As Bhawna Singh, SVP of Engineering at Okta, explains: “Given the economic trends we’re seeing, companies will look to improve their developer productivity so they can do more, while keeping product trust high.”
Businesses will invest in technologies that seamlessly slide into existing developer workflows, and will help engineering teams eliminate release and development friction without compromising security, compliance, or reliability.
“Developers face growing pressure to release features faster, but they’re also expected to write code that’s scalable and secure. The focus for teams will be to make the right integration, automation investments, ” Singh added.
“Tools supporting low-code/no-code options will be of value in accelerating time to market. as developer efficiency entails not only keeping an existing developer force productive, but also being able to onboard new developers quickly and enabling them to make high quality contributions faster.”
It’s not just tools. Singh believes 2023 will see engineering and security teams become more closely integrated as companies embrace the “shift left” approach to software development.
As explained previously, this approach sees security personnel take an active role in the design and development of applications, as well as the training of engineering staff.
By addressing security issues before they reach production, businesses can release stronger and more robust applications, while simultaneously reducing the monetary cost associated with fixing a vulnerability.
Given the lean months and years ahead, it’s no surprise the “shift left” approach is about to hit the mainstream.
Queryable Encryption Enters the Mainstream
One of the biggest cryptographic advances in recent years is “Queryable Encryption.” It’s exactly what it sounds like. The ability to execute search queries on encrypted data, without first having to decrypt it.
Queryable encryption had previously languished on the fringes of academia — theoretically possible, but difficult to perform in any practical sense. Not only did it require a high level of understanding in order to execute securely, it also came with a steep computational cost. But that’s beginning to change.
Aïda Diop, Software Engineer, IAM Crypto at Okta, believes that Queryable Encryption is on the cusp of mainstream success.
The cryptography expert highlights the recent launch of MongoDB’s Queryable Encryption feature, which she says will help popularize this feature.
“The ability to search encrypted data is a major research area in crypto, but it presents a number of challenges. These are mostly due to performance issues, and the difficulties in developing complex search functions on encrypted data,” she said.
MongoDB’s Queryable Encryption, she said, promises to change that. Diop, who is actively experimenting with the feature, described it as “exciting” with the potential to bring real security and privacy benefits.
As Queryable Encryption allows businesses to analyze and process encrypted user data, we’ll see an expansion of the things they choose to encrypt. On a basic level, it dramatically expands the list of things that can be secured with end-to-end encryption.
“One interesting use-case is where users want to look up their data, but they don’t want their service provider or its employees to have access to that data in plaintext,” Diop added.
Developers Will Adapt to a Tightening Tech Job Market
After a booming decade for tech jobs, the market is now set for a dramatic contraction, driven by wider macroeconomic turmoil. Already, we’re starting to see the early signs of what promises to be a brutal few years for developers, with Twitter, Facebook, and Salesforce all announcing major layoffs.
Cassio Sampaio, Senior Vice President of Product at Okta, believes both businesses and individuals will need to adapt in the face of these trying conditions.
As engineers plan their personal development, they should focus on the skills that can bring value wherever their career takes them. “Reusable skills matter a lot,” said Sampaio. “Developers should brush up on the skills that are more widely needed as teams are reorganized to meet this new reality.”
Businesses, meanwhile, should seek to improve efficiency by investing in tooling that improves efficiency and productivity. “Every dollar counts,” Sampaio argued. “Your developers should focus on core business needs, rather than trying to build everything under the sun.”
A “Developer-First” Culture Means Respect and Authority
It’s not all bad news for engineers. Although the pandemic years of 2020 and 2021 were undeniably trying, they were at least accompanied with a booming job market for developers, and workplace changes that allowed for fully-remote teams.
Developers were always a hot commodity — especially in the competitive tech hubs of Silicon Valley, London, and New York. The shift to remote working gave developers greater choice in who they worked for. They could be more discerning.
As a result, many companies placed greater emphasis on wooing tech talent. They created “developer-first” cultures.
Ana Cidre, Developer Advocacy Manager at Okta, expects this trend to continue, even throughout the tightening tech job market. But it’s not just perks that define a “developer-first” culture. It’s also defined by developers being placed in greater positions of decision-making authority.
And for B2B tech businesses, developers are now a key buying persona. “It’s incredible to see how companies are creating communities and thinking about the developer first. In my opinion, the pandemic drove this trend. Developers aren’t merely more respected, but also more accessible,” she said.
The Rise of Rapid Coding
The 1990s were a simpler time. Software came in big cardboard boxes — or as floppy disks buried within thick manilla envelopes. Patches and bug fixes were calendar events, happening relatively infrequently by today’s standards. And with computers a relatively small part of our lives, the stakes were lower.
Now software is less of a product and more of a service. It’s something we rely upon, and we expect it to improve from day to day. Few (if any) are prepared to tolerate months-long waits between bug fixes.
Developers need to be faster than ever. To meet their customers’ need for immediacy, they will have to fundamentally change the way they work. Fortunately, the modern developer apparatus is well-geared towards agility. Businesses can write, test, and deploy a software update in a matter of minutes.
But there’s more that can be done. Joël Franusic, CIAM Specialist at Okta, is particularly intrigued by the approach taken by Glitch, which was in turn acquired by serverless computing pioneer Fastly earlier this year.
Glitch and Fastly come from two different worlds, but there are obvious synergies between the two companies. While Fastly started life in the CDN (content delivery network) space, it has since placed greater emphasis on containerization — allowing developers to package their applications as low-footprint, low-dependency units that can rapidly scale and deploy.
By contrast, Glitch is a playful, web-based developer sandbox. It describes itself as a “yes code” company. Developers can build and execute code directly in the browser and see the effects of their changes in real-time. It offers a level of immediacy that you don’t typically get within traditional developer environments.
Fastly has promised a hands-off approach to its latest acquisition. It doesn’t want to change the formula that made Glitch popular in the first place. But it does seek to extend Gitch’s technology to a broader audience, particularly those who write code for work — not merely fun.
Franusic doesn’t just find this prospect enticing — he thinks it has the potential to fundamentally change the ways developers work.
“When Glitch and Fastly complete their integration, I think we’ll see a growth in rapid development. Glitch makes it ridiculously easy to make the quick changes that comprise most day-to-day software updates, but in a way that’s also highly visible, easy to test, and simple to document,“ he said.
The Debut Year of Passkeys
Vittorio Bertocci, Principal Architect at Okta, eagerly awaits the mainstreaming of passkeys as a widely-used authentication method for both businesses and consumers.
“For the past decade or so, every year has been the year we finally get rid of passwords. It’s the identity industry’s equivalent of the ‘Year of the Linux Desktop.’ And while 2023 will be no exception, I do think we’ll make some significant inroads to a glorious passwordless future this year,” he said.
“Apple, Google, and Microsoft all delivered (or promised) support for passkeys — a new take on FIDO2 authentication that makes it possible to use biometric authentication across multiple devices.”
A major differentiator between passkeys and existing FIDO2 platform authenticators is that they’re backed up in the cloud and aren’t tied to specific devices, allowing them to be used across the various devices the user owns within a given ecosystem (iCloud, Google, etc). This, Bertocci said, is a “game changer.”
“Passkeys have the potential to bring phishing-resistant authentication to the masses. They’re a massive improvement over passwords, but they do present some challenges, particularly in workforce use-cases.”
“Workers may find themselves using passkeys as consumers, but unable to do the same at work. In some cases, use of personal devices at work will become problematic, as passkeys require cloud sync to function on some platforms, and administrators aren't keen to allow that. This — and many other yet-unidentified challenges — will complicate the rollout of passkeys, but it’s clear we’re going in the right direction,” he said.