The next big things in cyber security
Cyber security is one of the most dynamic topics in the IT industry. New threats and technologies come onto the scene very frequently, leaving security managers one step behind. It is not easy to separate the wheat from the chaff - to distinguish between the next buzz word and the next really important topic that should be evaluated for their own organizations and, if useful, further observed or deployed.
Let’s start with “the next big thing”. What is the next unicorn in cyber security? Firstly, we have to recognize that there will be no single “thing” driving the market over the next few years, but many. These driving factors are the following topics:
- Artificial Intelligence controlled cybersecurity platforms and automation: AI is definitely one of the next big things in cyber security. While there is still a lot of hype in the market, there are working solutions which organizations need to understand. The possible benefits of AI solutions can be found in the 100% monitoring of network traffic and user behavior and the automation of standard actions. For AI solution vendors, consultants and system integrators, the market is ready now and with further technological developments, this market will prosper for the foreseeable future.
Security first paradigm: The security first paradigm is relatively new in the market, but it is needed in a highly digital and integrated ecosystem. Foremost in this market will be consulting and training companies, which will find new possibilities in this space in the next 6+ months.
The role of CSO: In larger or regulated organizations, the CISO role has been renamed as CSO. The CSO then becomes part of the C-suite with its own budget, and no longer reports to the CIO. Mid-sized companies are expected to follow this trend over time. This new organization ushers in new needs for collaboration between the CSO’s office and the CIO’s office, with the lines of business, and especially production managers if applicable, opening the door for a spearhead of consulting over the next 12+ months.
Supply chain attacks: To limit supply chain risks, there are a few steps that every cyber security team should take:
Hardware: Limit the number of suppliers and inspect the delivered hardware. Sometimes, simple comparisons with technical specifications will help to identify deviations. For bespoke hardware, make sure the delivery is 100% compliant with your order.
Software: Test updates as far as possible before they are distributed across the company.
Ecosystem: Risks can be reduced through zero trust architectures and a common level of security within an ecosystem, combined with strict monitoring of privileged accounts. Larger enterprises in particular are able to dictate the security measures within their ecosystem, and they should do so. PAC expects this topic to become more widely discussed over the next 24 months, especially with service providers.
Assumed breach paradigm: The assumed breach paradigm is not new at all, but it is becoming more widely accepted as more and more incidents show that traditional plan, build, run approaches are not efficient in all cases. PAC expects this topic to become more widely discussed over the next 24+ months, especially with service providers.
Quantum-resistant cryptography: If an organization, public or private, holds data that needs to be kept confidential for more than the next 10 – 15 years, it is essential that a review process is implemented and policed now to ensure the continued efficacy of the cryptosystem that was originally used. Even though the technology is still in a research phase, PAC expects to see strong demand for quantum resilient encryption methods over the next 24+ months as a replacement for older methods.
The pervasive adoption of homomorphic encryption: Organizations which seek to outsource data processing (including cloud computing) and which need to comply with GDPR and other privacy regulations, or which deal with highly confidential data, should follow the latest developments in the area of homomorphic encryption. Even though the topic is still in the research phase, PAC expects to see strong demand for homomorphic encryption methods over the next 5+ years. Organizations and service providers need to work together to bring existing and future technology together.
SASE: SASE combines network and network security as a service, which can suit organizations challenged by dynamic and/or unpredictable network requirements. Organizations may also turn to SASE simply because it offers a way out of delivering cyber security in-house, which may suit organizations facing staffing or CAPEX challenges. Most organizations will benefit from professional services support in designing and implementing a SASE solution, whether from a vendor or from independent consultants. Pilot services delivered on a small scale almost always help to deliver better solutions once they are rolled out throughout the company. PAC expects to see strong market demand for SASE consulting and solutions over the next 18+ months.
Micro-segmentation: Micro-segmentation limits the scope of damage of a single breach. Micro-segmentation needs an SDDC solution in order to be practical. Micro-segmentation in combination with zero trust and SASE elevates security to the next level, but such projects are complex and need, in almost all cases, external help from professional services in designing and implementing a zero trust, SASE, micro-segmented infrastructure solution, whether from a vendor or independent consultants. PAC expects to see strong market demand for micro-segmentation and even greater demand for the whole package (zero trust, SASE, micro-segmentation), as well as for consulting and solutions over the next 36+ months.
Zero trust: Zero trust architectures are becoming more and more popular, but the final stage is rarely achieved at present. Zero trust in combination with SASE and micro-segmentation elevates security to the next level, but such projects are complex and need in almost all cases external help from professional services support in designing and implementing a zero trust, SASE, micro-segmented infrastructure solution, whether from a vendor or independent consultants. PAC expects to see strong market demand for zero trust and even greater demand for the whole package (zero trust, SASE, micro-segmentation), as well as for consulting and solutions over the next 36+ months.
To read the whole InBrief series, please follow the links below: