As organisations become less centralised they face new security challenges that require new ways of addressing threats that will change the basic fabric of network security, according to Gartner analysts.
A persistent challenge in adapting to these changes is the skills gap -- finding IT pros with the technical know-how to meet evolving security issues, Peter Firstbrook, Gartner vice president and analyst, told attendees at Gartner IT Symposium/Xpo 2021 Americas.
“Cyber security teams are being asked to secure countless forms of digital transformation and other new technologies, and if they don’t have those skilled practitioners they move toward managed or cloud-delivered services where they might not have as much control as they’d like,” Firstbrook said.
At the same time, attackers are becoming more persistent, with ransomware attacks and corporate phishing exploding. These adversaries are also becoming more professional, offering cyber attacks as a service, which lowers the barriers to becoming an attacker and greatly increases their number, Firstbrook said.
With that as a backdrop, Gartner detailed what its research shows are the top eight trends in security and risk management.
1 - Remote/hybrid work is the new normal
The percentage of remote or hybrid workers will increase 30 per cent over the next couple of years, which will lead to organisations hiring skilled workers regardless of where they live, which could be a business advantage, Firstbrook said.
But this new workforce brings new sets of security challenges. On-premises security tools and hardware will no longer be practical or sufficient, promoting a shift to security in the cloud, which gives organisations visibility and control regardless of where the endpoint is, Firstbrook said.
2 - Cyber security mesh architecture
The use of an overarching cybersecurity mesh architecture (CSMA) that will let distributed enterprises deploy and extend security where it’s most needed was also among Gartner’s top technology trends for 2022.
Gartner said the CSMA is a composable approach to security that will bring integrated tools with common interfaces and APIs into the security process as well as centralised management, analytics, and intelligence about what is going on across the enterprise. It can also push out policies to users and services that are being accessed.
“Distributed organisations will need to rethink their security architecture,” Firstbrook said. “Many companies are still focused on LAN or network centric security, and they need to break out of that mould and make security much more composable and locate security where the asset is.”
Siloed security doesn’t work any more either. Companies can’t have email security separate from Office 365 security, for example, so much more integrated controls are needed, he said.
3 - Security product consolidation
Gartner research shows that in the next three years, 80 per cent of IT organisations plan to adopt strategies to consolidate their security vendors, Firstbrook said. Those plans aren’t to lower costs but to improve their risk posture and reduce the time it takes to respond to incidents.
In Gartner’s 2020 CISO Effectiveness Survey, 78 per cent of CISOs said they had 16 or more tools in their cybersecurity vendor portfolio and 12 per cent had 46 or more. Having too many security vendors results in complex security operations.
Going forward, Gartner recommends organisations set a guiding principle for the acquisition of new products and develop metrics to measure a consolidation strategy. Start with easy consolidation targets and be patient, Firstbrook said, as it takes three to five years for large organisations to effectively consolidate.
4 - Identity-first security
Identity control is now imperative, Firstbrook said, so organisations must invest in the technology and skills for modern identity and access management. Organisations can no longer define their network perimeter as where their assets meet a public network, Firstbrook said.
Now 80 per cent of corporate traffic doesn't go over the corporate LAN, and many times companies don’t own the underlying infrastructure. The only thing they do own is identity, but that is where adversaries are looking to attack, he said.
Companies need to treat identity policy, process, and monitoring as comprehensively as traditional LAN controls. They also need to focus on the remote worker and cloud computing, Firstbrook said.
5 - Machine-identity management
Closely related to identity-first security is the ability to control access from machines such as IoT devices and other connected equipment. Firstbrook recommended organisations establish a machine-identity management program to assess the different tools that might handle the task in their particular environments.
6 - Breach and attack simulation (BAS) tools
Tools are coming to market that let enterprises simulate attacks and breaches in order to assess their network defences. The results can reveal choke points and paths where attackers might move laterally across the enterprise. After the enterprise has addressed these weaknesses, retesting can demonstrate whether the fixes are effective.
7 - Privacy-enhancing computation
Privacy-enhancing computation (PEC) techniques are emerging that protect data while it’s being used as opposed to when it’s at rest or in motion. This can enable secure data processing, sharing, cross-border transfers, and analytics, even in untrusted environments.
One such PEC technique is homomorphic encryption, which allows performing computation on the data without decrypting it. Firstbrook said organisations should start investigating PEC products to determine the right technologies for their particular use cases.
8 - Boards are adding cyber security
Boards are hiring risk-assessment experts to help them evaluate threats at a corporate level, so CISOs should try to optimise network security in a business context.