This is part of an ongoing 2021 predictions series. We’ve asked top cyber experts to contribute their insights and expertise to provide a look ahead at what the new year may bring to cybersecurity.
Tim Bandos, CISO, Digital Guardian:
Zero Trust-as-a-Service Will be a Necessary Component of Security Strategies for 2021 and Beyond, but Proper Planning and Execution is Critical for Success – We’ve learned over the years that relying heavily on network security offers little when faced with determined adversaries. Also, as organizations move more of their workloads to the cloud, access controls and the right level of data asset visibility only becomes more imperative. These conditions require more granular perimeter enforcements based on who the user is, where they are located, and other elements of data to determine the level of trust that’s granted. Implementing this type of strategy is not something that’ll occur overnight. My recommendation to organizations looking to embrace the Zero Trust model is to first design it and try to avoid the incorporation of legacy systems that aren’t fully capable of taking this journey. For larger and more complex businesses, this may be a multi-year project depending on your IT environment. But for smaller and medium-sized companies, it could be a great opportunity to completely transform how they approach cybersecurity that’ll ultimately protect them from advances being made by threat actors.
Security Priorities Will Continue to Shift for CISOs in a Post-COVID-19 World – I don’t believe the role of a CISO necessarily changes post-COVID-19, but I do think it’ll drive changes to their security strategies. We’re seeing a shift to policies around working remotely and businesses embracing this option for employees. These types of changes require CISOs to possibly pivot to different types of controls to properly secure the new perimeterless environment.