Among the consequences of the global pandemic in 2020, significant shifts in where and how people work and rapid contributions to corporate digital transformation have been prominent. The blind spots these shifts created were taken advantage of by cyber attackers.
No one knows if their whole environment is secure all the time. In particular, now, as so many companies have adopted ‘Bring Your Own Device’ policies, developed multi-cloud and other new environments, and acquired merging environments, they have to believe there is some degree of compromise. This places the data assets in a constant state of uncertainty and flux.
Cybersecurity practitioners need to recalibrate and reprioritize the security standards of their organizations as we enter 2021. Based on current patterns, here are the imperatives.
Transition To A Zero Trust Model
Ultimately, the industry is heading toward a paradigm of zero trust around where the data resides and user identity. The task of tracing where users go, where they come from, and how they interface and communicate with information in this model becomes the new objective of how to protect the assets in your environment.
Cloud-Based Assets: Security Requirements
We should expect further breaches in 2021 as companies begin to move to and embrace newer cloud-native applications. Most companies do not have a long-standing, solid security posture to cope with these environments, and some exposure would be generated by the novelty and lack of expertise in them. From an organizational viewpoint, as they carve out, as part of their infrastructure, applications, and parts of services to be hosted in these environments, companies will circumvent the hassle of managing instances. The recent breaches also highlight the need for security teams to help their company leaders understand and take action to help manage the risks of these environments.
Making protection the responsibility of everyone in the company can be parlayed to mitigate and deter data breaches in the future. Cloud/API Centers of Excellence are one way that companies are taking this on. Within an enterprise, these ‘think tanks’ are a cross-functional community of individuals who create patterns and trends for weaving security into the life cycle of software development.
Security For A Perpetual “State Of Hybrid”
We are seeing a permanent hybrid state that will continue in 2021 since there are certain items such as mainframes that companies will not transfer out of the data center. Organizations can retain essential applications in a private cloud, run other standard public cloud applications, and provide an SD-WAN or some form of private connection between them. As an industry, with the way that application networks are developed and implemented, we have advanced to a new level of sophistication. We will see more re-architecture and re-platforming of the apps themselves and a departure from the trends of native design. Organizations can take better advantage of cloud-native services. In comparison to doing a “lift and shift” of apps that they don’t want to host in your data center, they’re just going to put it in the same estate elsewhere.
The “collect everything” of which data lakes are an important part is one of the trends related to creating security in this hybrid state. In being able to have a predictive study of consumer behavior on whatever is in the environment, companies realize a competitive advantage. This also implies that organizations need to protect a great deal of information now, something for which they probably did not have a plan or strategy before.