As companies of all sizes prepare for more challenges tied to the pandemic, as well as an expected transition to a permanent hybrid workforce, security plans will need to adapt. So what kind of strategic shifts might we see in 2021? More sophisticated phishing campaigns will probably mean enhanced email security. Digital identities may grow more appealing. And a surge in M&A could introduce new security considerations.
At least, that’s some of what we heard from the experts. As part of our year in review, which looked at critical events during the last year and how they might influence 2021, SC Media collected predictions across a range of categories from cybersecurity experts. Here, the cyber community reads the tea leaves on evolving strategies of the enterprise.
Cybersecurity will become even more of a fundamental spend for businesses, says Nicole Bucala, vice president of business development, strategy and operations at Illusive Networks:
“We are already seeing a wave of naming CISOs to boards of health care companies. Enterprises will seek to procure solutions that detect advanced attackers with deterministic, certain approaches. Spending in protection and detection will be the focus of the next 6 months. Even for companies that have had declining revenues we are seeing they are forcing the purchase of cyber solutions by cutting elsewhere and shifting investment to security.”
Organizations will adopt new approaches to email security, says Alexander Garcia-Tobar, co-founder and CEO of Valimail:
“In 2021, a zero-trust approach to email security will gain traction — if only out of necessity. A zero-trust approach cuts off impersonation-based phishing attacks entirely by enabling delivery of trusted email senders only. In short, zero-trust focuses on the finite number of good senders as opposed to trying to detect an infinite variety of bad ones.”
User managed access will reign supreme in 2021, said Allan Foster, chief evangelist at ForgeRock:
“With more services online now than ever before, users expect amazing digital experiences. To keep up with consumer expectations, digital experiences will need to involve more than one identity as more organizations start to embrace the notion of delegation. Oftentimes, authorized users are geographically separated, or using different types of devices, and these accounts or devices may not even be connected.”
We will see a shift in remote business, not just the remote workforce, says Gidi Cohen, CEO of Skybox Security:
“Our recent black swan event has forever changed the face of business, spawning new business models and services tailored to meet the demands of a new low-touch economy that is here to stay. Having full visibility and an understanding of how to secure the interrelationship between newly remote organizations in the same supply chain will be fundamental. That way, if the weakest link is compromised, the entire house of cards won’t come tumbling down.”
To cope with reduced budgets, chief information officers will seek convergence across security solutions, said Anurag Kahol, chief technology officer at Bitglass:
“Despite budget-related adversity, CIOs must still close the digital transformation gap within their organizations. As such, convergence and simplicity will be key. CIOs will turn to technologies that integrate multiple services into one platform to recognize larger cost savings. For example, secure access service edge platforms will have a major impact in 2021 as they will replace a number of disjointed point products and extend consistent protections to all enterprise IT resources through a single control point. In this way, CIOs will recognize massive cost savings and IT teams will enjoy consolidated ease of management that will save them significant sums of time.”
Enterprises will focus on longer-term solutions for enabling remote work, says Tal Zamir, CTO of Hysolate:
A digital identity will be increasingly necessary in 2021, says Ed Koehler, distinguished principal engineer at Extreme Networks:
“When most of us in the industry think about identity, we think about network access control. To those outside of the industry, however, the first thing that comes to mind is a driver’s license or a passport. The concepts of a ‘digital identity’ will become increasingly prevalent on a global level. Concepts of composite identity, such as the composite of the user, device type and called application or service, will be increasingly used to enforce a stronger security posture. These important steps will strongly assist in the creation of zero-trust networking environments.”
Security budgets are not necessarily going to increase but will be reprioritized, says Florindo Gallicchio, managing director at NetSPI:
“More dollars will be specifically allocated to cloud security budgets due to the prolonged and, in many cases, permanent remote work opportunities – in other words, a distributed workforce. One exception to stagnant budgets is regulatory drivers. Certain states (e.g. California) and industries (e.g. health care) may need to increase budgets to comply with new or changing regulatory expectations.”
A surge in M&A deals requires visibility into inherited infrastructure, says Keith Neilson, technical evangelist for CloudSphere:
“Most M&A deals were put on hold amidst the economic and political uncertainty of 2020. Despite the shift for many organizations’ budgets, M&A activity within the United States is expected to return to pre-COVID-19 levels. Previously, we have witnessed companies suffer massive data breaches as a result of poor infrastructure documentation and visibility following an M&A deal, triggering record-breaking fines and great financial loss. These incidents have forced the issue of IT security and proper hygiene to the forefront of such deals moving forward.”
Companies will balance cybersecurity and business needs by focusing on risk, says Ilia Sotnikov, cybersecurity expert and vice president of product management at Netwrix:
“IT teams will have to find the right balance between ensuring strong security and serving business needs like scalability and accessibility. Expectations will shift from the unrealistic notion of ensuring 100 percent security to determining and meeting acceptable levels of risk and resilience.”
Traditional VPNs will be phased out with the wider adoption of a zero trust model, says Daniel Trauner, director of security at Axonius:
“In the midst of the pandemic, many companies have been forced to rethink their entire corporate IT and security strategies, especially around their employees’ access to corporate services. While initially this may not mean the immediate decommissioning or replacement of traditional monolithic corporate VPN servers, companies will more carefully consider whether certain corporate IT architectures are amenable to a large number of remote workers. VPNs based on newer protocols such as WireGuard, as well as networks based on a mesh topology with software-defined access control, may be favored over traditional approaches in the context of a zero-trust model.”