This guest blog was contributed by Jackson Shaw, CSO, Clear Skye
It’s 2023, and with all the excitement of the new year and the promising new technology it will bring, there’s also a dark spot. With new products, tools, and systems come new attack vectors and security oversights, and we need to be ready. As such, the time is now to reflect on the year we’ve had and how it will impact what’s ahead over the next 12 months.
When it comes to enterprise security, there’s no shortage of trends to talk about. 2022 was a massive year, fraught with high-profile breaches, billion-dollar acquisitions, and cybersecurity legislation starting to take shape. And while many of the classic best practices around security hygiene stand the test of time, we’re being faced with new and complex challenges at the most rapid pace history has seen.
So, how do enterprise leaders decipher the important industry happenings from the noise? The following four trends are a good place to start.
1. Identity Security Consolidation Will Persist
Even organizations with the most modern IT frameworks are looking for a way to orchestrate security measures across hybrid-cloud environments. Leaders are increasingly aware that multiple, independent solutions are not equipped to protect today’s complex, distributed workforces. Unified identity promises to centralize access management on a single platform, and the industry is taking notice. A platform approach is not only more secure, but helps streamline workflows and increase productivity, thus lifting revenue in the process.
This year, Microsoft announced the launch of Entra, a new product family of identity and access management solutions. This includes existing tools like Azure Active Directory (AD) alongside two new product categories: Cloud Infrastructure Entitlement Management (CIEM) and Decentralized Identity. Thoma Bravo acquired identity and access management powerhouses SailPoint and Ping Identity, with ForgeRock next on the list. Expect to see more security vendor consolidation throughout the year, leading to better protection overall.
2. IT Chops are Becoming Democratized
As companies grow larger, and more complex, expanding cross-functional teams will become a necessity to manage technology effectively. This requires technical skills—ones historically reserved for the IT team. But this is changing, and low- and no-code tools are making it possible for domain experts throughout an organization to manage technology where it’s being used. For example, an HR person tasked with on- and off-boarding employees should be able to grant or rescind access to certain tools and systems on their behalf. And it’s happening.
This shift will enable functional areas to perform more efficiently, but make no mistake, IT competency and risk awareness will be paramount for success. Give too much access and you make your organization vulnerable to risk. On the other hand, too little access will hinder employees from performing their jobs successfully. As a result, smart leaders will start weighing what works for the entire organization when it comes to technology, security, and user experience (UX).
3. Cloud and Remote Work Growing Pains Will Continue
Speaking of UX, this doesn’t just mean tools and technology; it means the environment in which people work. And according to a Harvard Business School survey, more than 80% of workers would prefer working remotely at least some of the time. Most companies have conceded. And as great as it is for employee morale, the dependence on more business applications and systems presents a much larger attack surface to secure. Consider new locations, devices, and software, plus varied levels of access and entitlements, and things get complicated fast.
Attackers know this—and it’s made identity-based attacks ripe for the taking. Microsoft experienced nearly a thousand attacks every second in the past year alone. And that’s just externally: Insider threat incidents, on the other hand, have risen 44% over the past two years, with costs per incident up to $15.38 million (Ponemon Institute). This will get worse before it gets better, but in the meantime, the best defense is having strong security controls. Fortunately, as we’re seeing in the first trends we explored, security market consolidation should help strengthen our defenses.
4. A Passwordless World is a Pipedream—for Now
We can’t talk about security without an honorable mention for the OG: passwords. Generally, we don’t like them and they’re not the most secure. But what’s the alternative? A passwordless future would require major infrastructure changes that enterprises simply can’t support or afford. With engineering, websites, and products that will need to be rewritten entirely, it’s not as easy a fix as some might assume. Products like Apple Passkeys are easy to integrate and use, but that’s not the entire solution.
In the meantime, enterprises should consider apps that include biometrics for authentication. For example, rather than use a web client to access an account, encourage use of mobile apps, which integrate with facial recognition capabilities. Remind employees (regularly) to use unique, strong passwords for each website that requires authentication, and let the browser store the password. Most browsers synchronize the data between laptop and phone, so once connected, the need to remember (or worse, write down) passwords diminishes, and users can create more complex sequences. It’s not the death of the password, but it’s a small step in the right direction.
While password problems, cloud conundrums, and ‘work from anywhere’ challenges will follow us well into the year, and perhaps beyond, I’m optimistic. Despite the security hurdles we’re facing, the industry is evolving. The shift we’re already seeing with market consolidation and a platform approach to security, as well as the democratization of IT skills, is proof of where we’re headed. And from that vantage point, the future looks bright.