This is part of an ongoing 2021 predictions series. We’ve asked top cyber experts to contribute their insights and expertise to provide a look ahead at what the new year may bring to cybersecurity.
2021 Predictions from Jasen Meece, CEO of Cloudentity:
1) In 2021, a Zero Trust Framework Is No Longer Optional for Enterprises
There’s no doubt that COVID-19 and the shift to remote work have accelerated Zero Trust adoption in the enterprise. In 2021 and the following years, implementing a Zero Trust approach will become essential to protecting every enterprise, regardless of industry. This is due to the increasing volume of cyberthreats that organizations and individuals face on a regular basis, and human error remains one of the top causes of security breaches. In fact, roughly one-quarter of all data breaches are caused by human error, with the average cost of $3.92 million for each breach, according to a report from the Ponemon Institute. As a result of this growing issue, the Zero Trust Model will become the new standard, in which all users, even those inside the organization's enterprise network, must be authenticated and authorized before being able to access apps and data.
2) The Rise of Machine Identity for AI Bots
Today, we interact with bots more than ever before, whether it's customer service chatbots or the AI on our devices, like Siri and Alexa. These bots are used for real-time decision making to automate processes that were previously done by humans. For example, bots have automated the retail return processes for companies like Amazon. However, it becomes more complicated for enterprises to manage the identities of automated bots, especially when they are interacting with other bots at machine speed. The identities of bots must be managed and protected by the enterprise, similar to employee and customer identity, so that data isn’t compromised. This is important for CIOs and security leaders to keep in mind, because using bots for automation purposes will open new attack vectors if those bots’ APIs are hacked.
3) New Data Regulations, like CPRA, Must Be Enforced at the API Level
After CPRA passed in November 2020, many other states and countries may follow suit in implementing data and privacy laws to give consumers control of how their personal data is being used. However, enforcing regulations like GDPR, CCPA and CPRA needs to start at the API level. When it comes to managing consumer and employee identity, APIs are a key leg of the identity stool, dictating how the app handles user data, identity governance, and who has access to privileged data. It will be much simpler for companies to ensure they are compliant with these regulations if their APIs are updated or built from the ground up. On the flip side, if federal officials monitor and enforce these data laws at the API level, it will be evident which parts of the app’s code must be altered to comply and avoid large fines.
4) Gen Z Will Lead the Shift to Open Banking
In 2021, we will see significant international growth in the open banking industry as it democratizes financial services. In recent years, Europe has been the center of a new movement towards customer-centric banking using open banking to build new consumer banking apps, but open banking is gaining momentum in the U.S. as well with Venmo and SoFi. Now, Gen Z has grown up using open banking apps to manage their personal finances and transfer large amounts of money, rather than traditional banks. As a result, we will see an influx of software companies being founded with the purpose of creating a new method for digital-first consumers to do banking. To keep up with the growing demand for these easy-to-use digital banking solutions, banks have now embarked on the same journey by introducing similar types of mobile apps designed to make customers’ financial lives more productive and seamless.
5) Open Healthcare Will Require New Security Standards by July 2021
A Fortune CEO survey showed that 77% of CEOs reported that the COVID-19 crisis accelerated their digital transformation plans and that 40% are spending more on IT infrastructure/platforms. This goes for the healthcare industry as well. Amid the pandemic, it’s crucial that hospitals and other medical facilities can exchange medical data and patient records quickly and privately, but with the number of ransomware attacks hospitals have fallen victim to this year, this process needs to be kept completely secure. The urgent need for secure healthcare data-sharing has led to an increase in open healthcare APIs being developed, but there are still strict compliance guidelines and regulations that must be followed for patient medical data by July 1, 2021. With open healthcare on the rise, we're seeing a shift from developers facing interoperability and compliance burdens, to an innovation opportunity that can power the digital patient and clinician experiences these unprecedented times demand.