The end of a year is always a good time for reflection, especially so if you’re evaluating what your business did right and what you can improve upon. In an increasingly digital world, IT has quickly become one of, if not the most, important aspects of an organization. So, it should be with great care that executives and admins look back on their year and try to glean some wisdom about what can be done differently in the year to come.

Here are 10 of the most important lessons that IT learned in 2015.

1. BYOX is here to stay

As smartphone use grew to near ubiquity in the enterprise, it brought with it the trend of BYOD, or, bring your own device. While that originally referred to mobile devices such as smartphones and tablets, it spawned as host of “bring your own” everything else.

“BYOX is the new mantra with consumers bringing their own applications, cloud sharing tools, social media into the enterprise; essentially bringing their own expectations of which technology they want to use and how and where they want to work in a corporate environment,” said Chuck Pol, president of Vodafone Americas.

2. DevOps is no longer just a buzzword

The term “DevOps” gained huge popularity in 2015 as a reference to an agile method that stresses the collaboration of development and operations. The goal is to connect the writers of the code with those who maintain the systems that run it. However, DevOps continues to evolve and, although it has its own set of challenges, it could be poised to become the method of choice for enterprise IT starting in 2016.

3. Data is currency

Data, especially as it relates to big data has been steadily growing in value but 2015 felt like a tipping point. Tools for both structured and unstructured data exploded in popularity and major data service providers went public, adding credibility to the field and likely creating a better inroad into the enterprise. Also, businesses got better at distinguishing between relevant and irrelevant data.

“It is no longer credible to look at data as big static objects in a deep lake, but rather be considered a set of fast moving assets in a raging river,” said Neil Jarvis, CIO of Fujitsu America. “In 2016 and beyond, companies need to look at the data that creates business-relevant information for today and tomorrow.”

4. Finding talent is problematic

Talent shortages don’t just affect startups on the West Coast. CompTIA CIO Randy Gross said that current estimates suggest there are more than one million IT job opening across the US alone, ranging across skill level from support specialists to network admins. Enterprises are going to have to work harder to attract and retain talent.

“Wise employers with IT jobs to fill have engaged in a self-examination of the tactics and strategies they’re using to attract new talent–and adjusting accordingly,” Gross said. “For some companies, new telecommuting and remote work options have helped them fill their talent gaps.”

5. SMAC is still relevant

The SMAC stack, which stands for social, mobile, analytics, and cloud, is also known by some as the “third platform.” As all of these individual components continue to grow and thrive in the workplace, their interdependencies will grow along with them.

“Senior management must become well versed about these technologies and their possibilities to create new value and new competitive advantages in their own business and markets,” Pol said.

6. Cloud lost its fear factor

Cloud acceptance was a mixed bag for a long time, but 2015 brought a more widespread embrace of cloud technologies and services in the enterprise. In fact, some trends are making it almost a necessity.

“The complete adoption of virtualization, as well as investigation into cloud and other strategies, is far more advanced than expected–particularly amongst SMBs,” said Patrick Hubbard, technical product marketing director at SolarWinds. “Making operating systems and applications truly mobile is redefining how companies think about their IT infrastructure.”

7. The security mindset is changing

Anthem BlueCross BlueShield and Harvard University were among the major organizations that dealt with a public security breach in 2015. With today’s social media, you can almost guarantee any data breach that occurs in the enterprise won’t stay a secret. And, with the risk of a breach high, Intel Security CTO Steve Grobman said that teams must adopt a new way of thinking.

“IT must embrace the mindset that they have already been breached, now how do you protect your environment with this new default outlook?,” Grobman said.

8. Shadow IT is a line item

Shadow IT carries nowhere near the same amount of scorn it once did in the enterprise. Some organizations are even openly embracing it, and making it a foundational part of their IT strategy. And, as shadow IT continues to grow, Pol said, it needs to be properly accounted for in the budget.

“As technology continues to transform business, IT infrastructure will become more complex and more difficult to have a complete view of technology across the business,” Pol said. “The role of IT will need to become more strategic and set clear lines of accountability between IT and line of business budget holders.”

9. Employees are the biggest security risk

When most people think about security risks to their organization, the image of the hooded hacker furiously typing away in a dark room. However, employees themselves pose a real threat to the security of an organization as well. Issues such as poor password practices and using unsecured networks with company devices are a real problem. Kelly Ricker, senior vice president of events and education at CompTIA, said mobile, while helping with agility and productivity, is a cybersecurity nightmare.

“Every device that employees use to conduct business–smartphones and smartwatches, tablets and laptops–is a potential security vulnerability,” Ricker said. “Companies that fail to acknowledge and address this fact face the very real risk of becoming a victim of cyber criminals and hackers.”

10. Commoditization is a threat

With the plethora of tools available to build and replicate popular tech, it is increasingly important for organizations to guard against the threat of commoditization.

“As development cycles become shorter and the potential for intellectual property to be recreated and copied increases, it is becoming more difficult to create a sustainable competitive advantage for your products and services,” Pol said.