There are so many moving parts in the cyber security industry and sometimes it can seem like there is a new trend to follow every single week.
Today, we’re going to examine Gartner’s recent article on the Top Security Trends for 2021.
Peter Firstbrook, VP of Gartner Research, discussed eight trends for security and risk-management leaders to watch. He said that these trends “are a response to persistent global challenges that all organisations are experiencing.”
Trend 1 – Cyber Security Mesh
Cyber Security Mesh is a modern security approach built on securing points of access, rather than building a single perimeter around an entire network.
Cyber security mesh creates smaller perimeters around identities or access points and is a modular, responsive architecture that helps to centralise policy management and ensures enforcement is more distributed.
This new model throws the “moat and castle” style of security out of the window. Concepts like “inside the network it’s safe” and “outside the network it’s not” are outdated when you have a distributed workforce. Employees move corporate data around as they move from meeting to meeting or from a coffee shop to a client’s office and then back to their homes.
If your employees are working from anywhere, the protection you provide needs to extend everywhere.
Trend 2 – Identity-First Security
Identity is the new perimeter. F5 Labs estimate that 86% of breaches target identity or the application – so a security program (built on the principles of a cyber security mesh, or Zero-Trust model) that is software-defined and cloud delivered will be better suited to support the work from anywhere model.
The Gartner report states, “Identity-first security puts identity at the centre of security design and demands a major shift from traditional LAN edge design thinking”.
In October 2020, Pentesec hosted a webinar with Okta, CrowdStrike and Proofpoint to talk about the Spectra Technology Alliance they had set up. The integration between these leading vendors puts Identity at the heart of security and offers a seamless, integrated solution to securely enable remote work.
This integration provides secure and frictionless access for all teams no matter the location.
You can view the webinar recording here.
Trend 3 – Security Support for Remote Work
At Pentesec and across the Charterhouse Group, we believe the future of office working is a hybrid model and businesses need to be able to provide the same level of security support to remote workers as they do to those in the office.
Richard Betts, the Charterhouse Group CRO, noted in a recent blog that “According to a McKinsey survey, more than 20% of the workforce could work remotely three to five days a week as effectively as if working from an office location.”
However, when considering remote work, the focus cannot just be on security – it needs to encompass connectivity and communications as well.
The Group’s Fusion proposition is built on three pillars: Connect. Collaborate. Secure. These pillars ensure your business thrives in today’s world of digital disruption.
Visit the Charterhouse Group website to find out more.
Trend 4 – Cyber Security Focus at Board Level
From the start of the global COVID-19 pandemic there has been a focus on cyber security. As case rates have proliferated globally, so too have the cyber-risks faced by businesses.
We have seen an exponential increase in attacks on healthcare systems, critical infrastructure, education, vaccine development and more – no industry is safe.
By 2025, Gartner predicts that 40% of boards of directors will have a dedicated cyber security committee overseen by a qualified board member (up from less than 10% today).
Trend 5 – Security Vendor Consolidation
Consolidation of Security Architecture is not new – but it has found a renewed focus in the last 12 months. What people want is a robust, easy to use security infrastructure and, more importantly, to sleep soundly at night knowing their business is secure.
But how can you know that for certain if you are using 16+ security products? Can you definitively state there are no misconfigurations? That there are no gaps? That your staff know NOT to click on that email?
Having myriad security products increases the complexity of your role, the cost of your infrastructure and your staffing requirements. With 80% of businesses telling Gartner that they have a hard time finding and hiring security professionals, why make things more difficult?
Simplify your infrastructure, consolidate your tools and improve your security posture.
Trend 6 – Privacy-Enhancing Computation
Gartner predicts that 50% of large organisations will adopt privacy-enhancing computation for data processing in untrusted environments.
Businesses that process, share, transfer or analyse data would benefit from techniques that work to enhance the protection of “in-use” data (rather than data in motion or at rest).
Itay Levy, founder of Identiq, sums it up perfectly:
“PEC allows different parties to extract value from the data and get actionable results from it without the data ever being shared with those parties. It’s a way to collaborate without sharing personal or sensitive data.”
Trend 7 – Breach and Attack Simulation
Have you considered the difference between Breach and Attack Simulation (BAS) and Penetration Testing?
Now, this could be a controversial statement, but: the benefits of a properly implemented BAS solution outweigh the benefits of a penetration test.
Solutions like Picus’ Continuous Security Validation platform give you dependable results based on systematic, repeatable assessments that can identify gaps in your security posture. Picus matches mitigations to attacks and integrates with well-known vendors like Check Point, F5 and Palo Alto to assess your infrastructure against tens of thousands of threats.
Without continuous testing, errors and misconfigurations will go unnoticed or worse – be discovered by real attackers.
Trend 8 – Managing Machine Identities
Machine Identity Management is the process of governing and orchestrating the identities of machines, devices, workloads, applications, containers, IoT and more. It is essential for data security, integrity and compliance.
TechCrunch and Venafi said, “After all, if machines can’t properly identify another machine how can they decide whether to allow or deny a connection? And how can you and the bank ensure that the data being relayed hasn’t been intercepted by another party?”
Given the increase in the number of non-human entities present in organisations, machine identity management should form a crucial part of any security strategy moving forward.
What can we do to help you?
To repeat a now oft-used cliché – 2020 was a year like no other.
We experienced a rapid digital transformation that, we believe, will continue to have an impact on our lives for years to come.
We need to adjust to a world where everyone can work everywhere, whenever they like, and businesses will need speed, agility and resilience to keep up. The biggest challenges will be delivering secure and optimal access to everyone, everywhere, every time.
We want to help businesses to:
- Adopt a security first culture.
- Ensure cyber security becomes an enabler, not a blocker.
- Align their cyber security strategy to the business goals.
- Maximise the ROI of their existing cyber security investments.
- Reduce the risk to the business and improve the security posture.
If you would like to talk to one of the team and discuss any of these trends or the support Pentesec could offer you, please contact us.