Each year seems to come with more cyber threats, “bad actors,” ransomware and data breaches. The security industry is on fire right now with technology providers continuing to innovate and develop new ways to help organizations defend against all these threats. However, not all of the security budget should be spent on prevention – organizations need to invest in a key IT trend in 2021: cyber resilience.
No matter how much investment is made in traditional security elements like firewalls and DLP, data breaches will continue to occur and organizations must remain operational, even during a crisis. Cyber resilience is the concept that an organization must be prepared if or when a breach occurs – how do they get back up and running with minimal disruption to the business?
How did we get here?
The world has become incredibly dependent on technology and cloud computing, which is triggering a rise in cybercrime and, as a result, positioning cyber security as a hot topic for organizations everywhere.
Cyber resilience has begun to enter the mainstream, as the focal point turns from just securing the borders to making sure business operations can bounce back after an attack, through cyber resilience practices. The goals here are to ensure that network and IT systems data is protected and can be recovered in the event of a data breach.
In 2021, security vendors will be in a race to deliver next-generation tools and processes — an additional layer of defense — to safeguard businesses a step further. Encryption, key management and cyber resilience frameworks will emerge as everyday strategies to address compromised data, for IT security teams globally.
The end goal will be to protect data, reduce or eliminate loss, and meet the growing list of regulatory compliance requirements, like HIPAA, PCI-DSS, GLBA, NERC, FERC, GDPR and new regulations like the CCPA in California.
Other key 2021 security trends
While cyber resilience will be one of the focus areas in next year’s landscape, several other themes will be prominent for IT managers next year. A shortlist of the top five are below:
- Zero trust architectures solidify. The quick shift to more people working remotely has exposed home network environments which are oftentimes less secure and more exposed than corporate networks. This will continue to force organizations to think beyond securing only within the walls of the enterprise. Zero trust architectures will evolve beyond the hype to create real-world security offerings that enhance the “moat and wall” paradigm, rather than replace it.
- Confidential computing will mature as more trusted execution environment (TEE) technologies emerge. All three of the big IaaS vendors (AWS, Azure, Google Cloud) are already building TEE offerings as the final frontier of data protection. In turn, data-in-use protection will become required by emerging roles and technologies within the enterprise.
- Data security hits CxO primetime. Data security will no longer be the purview of just the CISO but move partially into the hands of the chief data officer and the chief privacy officer. Confidential computing will help facilitate this move as new operating budgets will be used to provide greater transparency around what data can be used and by whom. For example, aggregate data may be offered to third party analytics platforms for use in forecasting.
- Adoption of new encryption tech emerges ahead of 2020’s predicted curve. Newer data protection technologies, such as homomorphic encryption, will be adopted sooner than predicted as real-world use cases, like voting protection, demand solutions sooner rather than later.
- The “separation of lock and key” becomes a requirement. In the event an encryption key is lost, data cannot be restored in any way. IT teams everywhere will adopt the separation of encryption locks (the encryption) and keys (digital keys) as a best practice for data security.
The ramifications of last year’s global pandemic will continue to drive unprecedented digital transformation. Better, stronger security solutions that were previously unavailable will hit the street. Not only will new technologies emerge to lockdown corporate data, security as a whole will be positioned as a key initiative for 2021 at the executive level.
Organizations will embrace new edge and remote technologies to further extend worker productivity and implement more security practices like data encryption to further safeguard the distributed workforce of the future.