1. Remote/hybrid work is the new normal
The percentage of remote or hybrid workers will increase 30% over next couple years. But this new workforce brings new sets of security challenges. On-prem security tools and hardware will no longer be practical or sufficient, promoting a shift to security in the cloud, which gives organizations visibility and control regardless of where the endpoint is.
2. Cyber-security mesh architecture
The use of an overarching cybersecurity mesh architecture (CSMA) will let distributed enterprises deploy and extend security where it’s most needed.
3. Security product consolidation
The next three years, 80% of IT organizations plan to adopt strategies to consolidate their security vendors. Those plans aren’t to lower costs but to improve their risk posture and reduce the time it takes to respond to incidents. Gartner recommends organizations set a guiding principle for the acquisition of new products and develop metrics to measure a consolation strategy.
4. Identity-first security
Identity control is now imperative, so organizations must invest in the technology and skills for modern identity and access management. Companies need to treat identity policy, process, and monitoring as comprehensively as traditional LAN controls. They also need to focus on the remote worker and cloud computing.
5. Machine-identity management.
Closely related to identity-first security is the ability to control access from machines such as IoT devices and other connected equipment. Organizations should establish a machine-identity management program to assess the different tools that might handle the task in their particular environments.
6. Breach and attack simulation (BAS) tools
Tools are coming to market that let enterprises simulate attacks and breaches in order to assess their network-defences. The results can reveal choke points and paths where attackers might move laterally across the enterprise.
7. Privacy-enhancing computation
Privacy-enhancing computation (PEC) techniques are emerging that protect data while it’s being used as opposed to when it’s at rest or in motion. This can enable secure data processing, sharing, cross-border transfers, and analytics, even in untrusted environments.
8. Boards are adding cybersecurity
Boards are hiring risk-assessment experts to help them evaluate threats at a corporate level.