This is part of an ongoing 2021 predictions series. We’ve asked top cyber experts to contribute their insights and expertise to provide a look ahead at what the new year may bring to cybersecurity.
Brendan O’Connor, CEO of AppOmni:
"Visibility – Visibility into configuration and data access will remain a challenge for most organizations. The growing depth and complexity of major SaaS platforms presents continuous value to business users, but continuous complexity for security teams. Knowing what the best practices are for individual SaaS applications is already enough of a challenge. Add to that the complexities of data access management, and the need to constantly monitor for API exposures. It’s a daunting task for most security teams.
Understanding changes in Attacker behavior – With the broad enterprise adoption of cloud services here to stay, the world has changed and attackers know to take advantage of working remotely. Instead of trying to penetrate the perimeter and steal data at the heart of the corporate network, attackers are now targeting cloud environments and SaaS applications as a primary attack vector. Breaking into the network and evading detection takes significant time and effort for an attacker. Connecting to an exposed API or misconfigured data store in the cloud is far easier, and doesn’t require that an attacker first compromise an internal user through phishing, credential stuffing, or other means.
Remote Work – Security professionals have been preaching for years that the perimeter is dissolving. Remote work throughout the Pandemic has solidified that case more than any whitepaper, blog post, or tech talk ever could. Security teams have 2 decades of experience protecting the corporate network, and putting the proper detections in place for their internal systems. In the world of SaaS and remote work, those internal defenses sit idle and provide limited value. Securing a remote workforce and distributed cloud applications is a much different challenge than securing the corporate network. Successful organizations will focus on putting controls directly on the data, wherever it may live. We can no longer build a wall around our network to keep the good people In and the bad people Out. Our users and our data is outside the firewall now.
Security teams are going to be asked to do more with less – Even though security budgets are growing, often security teams are not large enough to tackle projects quickly and effectively to close gaps. Add to that the growing complexity and varying security models of cloud applications - it’s enough to burn out even the best security teams. This will serve as a forcing function for security vendors to deliver more automation and shorter time to value."