Throughout 2020 we saw organisations underpinned by cloud operations benefit and, conversely, those yet to migrate struggling to respond to imposed change. The benefits of elastic infrastructure and the ability to adapt to market ebbs and flows have enabled cloud-centric businesses to adjust to the difficult times we find ourselves living in.
2021 will see a continued engagement by organisations looking to welcome the benefits of a business rooted within an adaptable environment. However, the protection of digital assets is paramount to these transformative programmes' success. This protection could be facilitated by cloud providers forming partnerships with security vendors to bolster their platforms' defences, or through new cloud-native offerings from independent vendors that plug directly into their cloud environment.
Companies will readily look to leverage security services from the hyper-scale cloud vendors and their partners, encouraged by Microsoft's deepening investment into their evolving Azure Security Center ecosystem. Companies will look to capitalise on access to the stream of Microsoft acquisitions like CyberX (ICS Security), and developments like the new Sentinel platform (SIEM), available on tap to Azure customers.
Countries/regions will continue to explore and, in some cases, develop sovereign clouds. A sovereign cloud's genesis is born from the ideal of highly secured data, embodying all that promotes citizens' confidence that their most sensitive information will remain secure. Having the right security model and services to bind these sovereign clouds is critical.
Whatever road organisations choose to travel in 2021, the inevitable drive to the cloud will bring with it an amplified need for robust and intelligent security services to secure these platforms, and how access is authorised and controlled.
With an accelerated shift to home working due to the events of 2020, organisations have extended the boundaries of their corporate networks into employee's homes. This working practice's associated risk has positioned Zero-trust architecture as an aspirational security model for corporations to adopt, encompassing a 'never trust, always verify' approach to security.
A deeper understanding of the need for stringent access control is increasing interest in 'Secure Access Service Edge' (SASE), defined by Gartner as a cloud-based framework that offers "comprehensive WAN capabilities with comprehensive network security functions". SASE is the convergence of SD-WAN, VPN, and cloud-native network security technology including; Secure Web Gateways (SWG), Cloud Access Security Broker (CASB), Firewall as a Service (FWaaS), and Zero Trust Network Architecture (ZTNA). SASE provides a user-centric approach to help secure digital businesses.
A need for tighter control of access to our network-based resources is fundamental to ensuring service continuity and will minimise the potential threat of user-focused attacks.
Automated Network Detection and Response (NDR) will be a growing demand as organisations look to machine learning based solutions that can augment their small security teams, who cannot keep pace with the increasing frequency and volume of aggressive attacks. Detection-centric security solutions will begin to supplant legacy defences and replace conventional security processes with detection-focused tools capable of performing automated remediation.
Machine-learning based defences appeal to businesses as they span several, and sometimes all, of the NIST framework functions - a model many organisations now regard as the benchmark for evaluating and tracking security posture improvement.
The application of machine learning (ML) will evolve beyond NDR to perform a more integral role in data classification and malware detection through pattern matching and reinforced learning.
The emergences of Extended Detection and Response (XDR) solutions will help improve threat detection and provide improved incident response capability. XDR automatically collects and correlates data from different security products to better advise security teams of potential threat vectors. Parallel to XDR, there will be a drive towards convergence of security services removing disparate, isolated system models, and moving towards unified security platforms that return cost efficiency and faster response to threats. This unification will allow proactive threat response with an action taken to defend organisations with minimal or no human interaction.
Open AI ecosystems, supported by several leading security manufacturers, and encouraged by the convergence initiative, will help accelerate edge computing opportunities with comprehensive, integrated threat analysis and response.
The pace of evolution observed in sophisticated attacks will mean incorporating AI-based defensive technology is not an if, but a when.
Attacks on Operational Technology networks will continue to be a growing trend. Organisations will look to secure these environments to minimise and mitigate the very present danger they pose to business continuity and survivability. Amid a pandemic, what we classify as critical infrastructure extends beyond the conventional list, and many organisations now find themselves providing 'essential services'.
The ability to assess our ICS networks' vulnerability and thereby, the essential equipment they host will be crucial to ensure production is guaranteed, and services continue without downtime. Organisations operating ICS networks and essential services are under increasing pressure to secure and control these operational networks, particularly where IoT and 5G communications integrate into the operational technology space.
The growing use of IoT and mobile devices in the enterprise will push the need for application-layer security to ensure cloud-connected devices and applications that run on them do not pose new attack vulnerabilities.
Businesses will look to capitalise on the adoption of 5G and the lower latency this brings, spawning a wave of video-based security and analytics, and allowing for real-time identification and access control through imagery and machine learning. Coupled with Edge computing, this enables robust AI-driven visual security solutions to be delivered anywhere in real-time.
However, organisations must be mindful that the rapid adoption and global propagation of 5G technology may push unsecured infrastructure into production and rely on under-skilled security professionals to protect it, resulting in potential 5G-related security incidents.
The ongoing Cyber Security Skills shortage will force organisations to focus on security process automation to eliminate repetitive tasks. This technology automates computer-centric security operation tasks based on predefined rules and templates.
Despite the arrival of GDPR in 2018, data privacy continues to be a growing concern. Companies will look to experts to ensure they minimise the potential for data privacy issues and compliance with all appropriate protection mechanisms such as GDPR. New "digital trust" experts will be in demand to help organisations maintain the integrity of all interactions in the business to consumer (B2C) space, either as an extension of or working alongside the Data Protection Officer.
Cyber Insurance will become more a necessity than a luxury as the volume and aggressive nature of attacks increases. Companies will look to bolster defences designed to minimise the risk of a breach, with tools needed for when a breach inevitably does occur. This toolbox will include forensic expertise for deep-dive analysis and financial protection.
The most common cause of a breach is still attributable to employees, whether directly or indirectly. Cyber education will become a much-needed investment as corporations engage in education programmes to ensure their employees are more sensitive to this ever-increasing attack surface. These programmes should blend formal education with targeted testing like phishing traps to test the education programmes are working.
Securing your organisation is a complex task, and not all of these areas will be relevant or necessary for your organisation. It helps first to understand what it is you are trying to protect. With this knowledge, you can quantify the impact or consequence of a breach leading to loss. Armed with this knowledge and strong security partners, you can assess where investment is needed and what level, beginning your journey to improve your security posture and ensure your business' confidentiality, integrity, and availability.
