This article was written by Michael Cooney and published by NetworkWorld

 

As organizations become less centralized they face new security challenges that require new ways of addressing threats that will change the basic fabric of network security, according to Gartner analysts.

A persistent challenge adapting to these changes is the skills gap–finding IT pros with the technical know-how to meet evolving security issues, Peter Firstbrook, Gartner vice president and analyst told attendees at Gartner IT Symposium/Xpo 2021 Americas.

“Cybersecurity teams are being asked to secure countless forms of digital transformation and other new technologies, and if they don’t have those skilled practitioners they move toward managed or cloud-delivered services where they might not have as much control as they’d like,” Firstbrook said.

At the same time, attackers are becoming more persistent, with ransomware attacks and corporate phishing exploding. These adversaries are also becoming more professional, offering cyber attacks as a service, which lowers the barriers to becoming an attacker and greatly increases their number, Firstbrook said.

With that as a backdrop, Gartner detailed what its research shows are the top eight trends in security and risk management.

Remote/hybrid work is the new normal

The percentage of remote or hybrid workers will increase 30% over next couple years, which will lead to organizations hiring skilled workers regardless of where they live, which could be a business advantage, Firstbrook said. But this new workforce brings new sets of security challenges. On-prem security tools and hardware will no longer be practical or sufficient, promoting a shift to security in the cloud, which gives organizations visibility and control regardless of where the endpoint is, Firstbrook said.

Cyber-security mesh architecture

The use of an overarching cybersecurity mesh architecture (CSMA) that will let distributed enterprises deploy and extend security where it’s most needed was also among Gartner’s top technology trends for 2022. Gartner said the CSMA is a composable approach to security that will bring integrated tools with common interfaces and APIs into the security process as well as  centralized management, analytics, and intelligence about what is going on across the enterprise. It can also push out policies to users and services that are being accessed.

“Distributed organizations will need to rethink their security architecture,” Firstbrook said. “Many companies are still focused on LAN or network centric security, and they need to break out of that mold and make security much more composable and locate security where the asset is.” Siloed security doesn’t work any more either. Companies can’t have email security separate from Office 365 security, for example, so much more integrated controls are needed, he said.

Security product consolidation

Gartner research shows that in the next three years, 80% of IT organizations plan to adopt strategies to consolidatate their security vendors, Firstbrook said. Those plans aren’t to lower costs but to improve their risk posture and reduce the time it takes to respond to incidents. In Gartner’s 2020 CISO Effectiveness Survey, 78% of CISOs said they had 16 or more tools in their cybersecurity vendor portfolio and 12% have 46 or more. Too many security vendors results in complex security operations. Going forward Gartner recommends organizations set a guiding principle for the acquisition of new products and develop metrics to measure a consolation strategy. Start with easy consolidation targets and be patient, Firstbrook said, as it takes three to five years for large organizations to to effectively consolidate.

Identity-first security

Identity control is now imperative, Firstbrook said, so organizations must invest in the technology and skills for modern identity and access management. Organizations can no longer define their nework perimeter as where their assets meet a public network, Firstbrook said. Now 80% of corporate traffic doesn’t go over the corporate LAN, and many times companies don’t own the underlying infrastructure. The only thing they do own is identity, but that is where adversaries are looking to attack, he said. Companies need to treat identity policy, process, and monitoring as comprehensively as traditional LAN controls. They also need to focus on the remote worker and cloud computing, Firstbrook said.

Machine-identity management

Closely related to identity-first security is the ability to control access from machines such as IoT devices and other connected equipment. Firstbrook recommended organizations establish a machine-identity management program to assess the different tools that might handle the task in their particular environments.

Breach and attack simulation (BAS) tools

Tools are coming to market that let enterprises simulate attacks and breaches in order to assess their network-defenses. The results can reveal choke points and paths where attackers might move laterally across the enterprise. After the enterprise has addressed these weaknesses, retesting can demonstrate whether the fixes are effective.

Privacy-enhancing computation

Privacy-enhancing computation (PEC) techniques are emerging that protect data while it’s being used as opposed to when it’s at rest or in motion. This can enable secure data processing, sharing, cross-border transfers, and analytics, even in untrusted environments. One such PEC technique is homomorphic encryption, which allows performing computation on the data without decrypting it. Firstbrook said organizations should start investigating PEC products to determine the right technologies for their particular use cases.