By Laura Medanich and Dennis Payton
With the exploding WFH and mobile workforce further amplified by the 2020 pandemic, it is more important than ever to cover corporate, government with a Zero-Trust security net that is flexible in coverage and hardened to protect against hackers, malware and mischief.
“There are only two types of companies: those that have been hacked, and those that will be.”[1]
“My message to companies that think they haven’t been attacked is: ‘You’re not looking hard enough”[2]
Ask any CISO about security – most will tell you they are more concerned this year than last (95% up from 91% last year) – this according to a recent Cybersecurity Insider[3] study completed in 2021. While 2020 saw the infection of humans with a pandemic, CISO’s also saw record-breaking breaches infecting the digital world.
Cybersecurity has been elevated to a top priority now with the acceleration of work from home (WFH), explosion of Mobile workforce, exponential expansion end-points, and compounded by new peaks in breaches.
Top concerns:
The majority of CISOs (63%) report the risk of data loss, leakage, and threats to data privacy as their top security concerns.
CISOs point to their specific sources of vulnerability: misconfigured cloud platforms, insecure interfaces, followed by credentials and access control. Adding to vulnerability, CISO’s report that only half of their organizations (51%) embed security testing during the Software Development Life Cycle (SDLC) while 67% still rely on periodic vulnerability and compliance reports as the primary method to manage remediation of security and compliance issues. Less than half have automation between security and DevOps in place; however, organizations recognize the advantages of deploying cloud native security solutions, including faster time to deployment (44%) and cost savings (43%).
Increased spending:
Now forced to reprioritize, organizations have pivoted, sometimes despite softer earnings. 55% of enterprise executives plan to increase their cybersecurity budgets in 2021 and 51% are adding full-time cyber staff in 2021[4].
It’s a forgone conclusion then that security spending needs to increase, but by how much?
Cybersecurity Insiders forecasts security budgets will increase by 36% in 2021 and, in particular, Cloud Security spending should increase by 33% to $585M. A new report by global tech market advisory firm, ABI Research, predicts cybersecurity spending for critical infrastructure will increase by US$9 billion over the next year reaching US$105.99 billion in 2021[6].
Security Development Predictions for 2021-2025
While none of us can truly predict the future, we can all leverage learnings from the experts. Gartner projects Cybersecurity spending, mostly by companies and governments, to hit $207 billion by 2024. IT Security Spending in Government[7] looks to the security landscape to include contenders – Check Point Software Technologies, Cisco Systems, Fortinet, Juniper Networks, Arbor Networks, Barracuda Networks, Dell SonicWall, F5 Networks, FireEye, Palo Alto Networks, Sophos and Trend Micro. Many of these companies support TiEcon in Technology thought leadership and sponsorship.
Some emerging trends and drivers we look forward to engaging at TiEcon in the Cloud and Security Track:
Gartner Top 10 Security Projects for 2020-2021 ([8])
No. 1: Securing your remote workforce
No. 2: Risk-based vulnerability management
No. 3: Extended detection and response (XDR)
No. 4: Cloud security posture management
No. 5: Simplify cloud access controls
No. 6: DMARC (domain-based message authentication, reporting and conformance)
No. 7: Passwordless authentication
No. 8: Data classification and protection
No. 9: Workforce competencies assessment
No. 10: Automating security risk assessments
Gartner Top 9 Security and Risk Trends for 2020 ([9])
Trend 1: Extended detection and response capabilities emerge to improve accuracy and productivity
Trend 2: Security process automation emerges to eliminate repetitive tasks
Trend 3: AI creates new security responsibilities for protecting digital business initiatives
Trend 4: Enterprise-level chief security officers (CSOs) emerge to bring together multiple security-oriented silos
Trend 5: Privacy is becoming a discipline of its own
Trend 6: New “digital trust and safety” teams focus on maintaining the integrity of all interactions where consumer meets the brand
Trend 7: Network security transforms from the focus on LAN-based appliance models to SASE
Trend 8: A full life cycle approach for protection of the dynamic requirements of cloud-native applications
Trend 9: Zero-trust network access technology begins to replace VPNs
Just a couple examples from the landscape Palo Alto Networks [10] [11], speaking at TiEcon 2021’s Grand Keynote, and Fortinet’s latest FortiOS release[12] are looking to address, in particular, WFH, Mobile workforce, and the push to leverage more public cloud resources and applications:
These are some of the focal points among the top security features and products. Just a couple of examples here but security vendors across the landscape that are delivering a higher level of confidence to CISOs. Throwing a security net over a corporation’s or government’s entire infrastructure, will require a complete set of solutions covering site data centers to public clouds and from expanding WFH endpoints to mobile workforce protection.
Wrap up
Organizations are now aware that they must engage stakeholders at all levels, from C-Suite to engineering to achieve a security-first, zero-trust position. TiEcon speakers in the Cloud and Security track will share their insights on the innovations borne by the exciting paradigms in Security.
Come join us as we explore the emerging opportunities. Engage with entrepreneurs and thought leaders at Silicon Valley’s top world-ranked event; TiEcon’s Cloud and Security technology track May 6th – 8th.
www.tiecon.org https://blog.tiecon.org/security-net-over-mobile-wfh-world/
[1] Robert S. Mueller, III – Director, Federal Bureau of Investigation at RSA Conference, San Francisco, CA
[2] James Snook – Deputy Director, UK Office for Cyber Security
[3] Source Cybersecurity Insider: 2020 AWS Cloud Security Report, Cybersecurity Insiders
[4] Source: PwC, Global Digital Trust Insights 2021, October 5, 2020.
[5] Source: CNBC, Palo Alto Networks CEO: All companies must ensure they weren’t hit in suspected Russian cyberattack, DEC 18, 2020
[6] Source: ABI Research, Cybersecurity Spending for Critical Infrastructure, Feb. 10, 2021 on PRNewswire
[7] Source: IT Security Spending in Government Market Outlook Industry Analysis, Size, Share, Growth, Trends and Forecast, 2025, 2021-02-26
[8] Source: Gartner Top 10 Security Projects for 2020-2021, September 15, 2020
[9] Source: Gartner Top 9 Security and Risk Trends for 2020, September 17, 2020
[10] Source: The Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q3 2020
[11] Source: Palo Alto Networks Whitepaper, How to Secure Your Business in a Multi-Cloud World
[12] Source: Press Release – Fortinet Delivers SASE and Zero Trust Network Access Capabilities, Feb 4, 2021