Virtualization Technology News and Information
Clango 2020 Predictions: A more mature understanding of cloud from both companies and regulators will lead to a spike in security investment

VMblog Predictions 2020 

Industry executives and experts share their predictions for 2020.  Read them in this 12th annual series exclusive.

By Arun Kothanath, Chief Security Strategist, Clango

A more mature understanding of cloud from both companies and regulators will lead to a spike in security investment

Coming up on the end of a decade, innovations in technology are spreading into each industry and, in some cases, reshaping the way incumbents do business through data analysis (predictive and otherwise) and automation. While in years past one could have been forgiven for believing tech would reshape only those industries most reliant on high technology for production, it's clear now that every business will have to adapt to leverage the new tools available to them and their competitors. 2020 will be a year where companies experience cybersecurity growing pains as they evolve to meet the demands of an AI-driven, automated, and above all connected, world. Below are some of the key predictions we foresee happening in 2020. 
  • Realization of the Risks with Cloud Migration: For several years, companies have been scrambling to migrate applications and processes to the cloud. In a business environment that shifts constantly, the scalable nature of cloud computing allows companies to be as flexible as the market requires, which has led many organizations to hastily migrate workloads, prioritizing speed over cohesion in an effort to compete with incumbents as well as a new class of upstarts, themselves empowered by cloud computing. Though cloud migration will continue to accelerate, companies will gain a better understanding of what their particular cloud needs are, and further, how cloud computing fits into a broader strategic outlook. Armed with a more comprehensive understanding of the nature of cloud computing and how it relates to their businesses, senior leaders will turn to security professionals to implement the complex, bespoke systems that characterize most companies' IT environments. With the number of threats companies are now facing, companies will need to take a better look at the risks inherent in any cloud adoption. Because it will remain necessary to leverage services like AWS and Azure, companies will invest more in security to reduce those risks. Another factor is the requirement to adopt multi-cloud environments - one must consider the risks of propagation of all identity aspects so that users will have the appropriate access and limited privileges.
  • Skills Shortage Gap still a Big Concern for 2020: Skills gaps, specific to the Cybersecurity industry, are poised to grow wider in 2020. The pace of technological change is outstripping the rate at which we train and educate people, and companies are starting to seriously confront this reality. The WEF estimates that 54% of workers will require significant reskilling by 2022, a problem that's significantly more acute in certain industries and geographies. And despite the forward-looking, innovative workforce development strategies that exist and will continue to emerge, a digital learning curve does exist for every industry. And further, the skills gap itself is driving automation adoption for certain critical tasks, as demonstrated by the emergence of digital adoption software and other similar products. As these products mature in the market, they will require specialized teams, exacerbating the skills gap.

Technology will continue to advance faster than we can train people - no matter the sophistication of the "lifelong learning" programs companies come to develop. This environment, in which internal networks become more intuitive, will necessitate stronger focus on managing access to those systems. Security as a dedicated process and team, rather than an extension of the help desk, will emerge to complement a general workforce that lacks the training to mitigate threats themselves.

  • Constant Shift in Regulations will Reinforce Need for Compliance: Regulators around the world are starting to gain a sense of their own power. European authorities, with the implementation of GDPR, set a global data standard and are beginning to test the strength of their ability to enforce it, imposing fines on companies that, while not yet catastrophic, represent a significant concern for shareholders. In the United States, the California Privacy Protection Act (CCPA) is the beginning. This combines with the fact that regulations are shifting constantly, and so multinational companies are forced to contend with widely disparate laws across jurisdictions. The uniting demand that businesses be better stewards of customer data will force them to deal with compliance as a strategic imperative, especially as it concerns data security. This will lead to corresponding investments in security technology and personnel.

Further, the data protection regulation driven by privacy concerns will lead to a market bombarded with competing "solutions". Such a saturation of security solutions will cause technology to lead strategy for companies without a strong forward-looking vision, rather than leaders selecting the optimal tools to achieve a specific strategy. In other words, in their scramble to catch up to those who defined cybersecurity as a strategic priority early, companies will use the wrong tools, and leave themselves vulnerable in the process.

  • Identity Access Management (IAM) will Become a Bigger Focus in 2020: Despite the technical sophistication of many attackers, the weakest link in many companies' security posture is identity and access management. Companies face a litany of challenges in this regard: accumulated legacy systems, multiple silos of IAM, decentralized policy definition and enforcement, and more. This problem grows with network size and complexity, leaving the largest companies as exposed as they are expansive. Bad actors will continue to exploit this environment, and as businesses are pummeled from two sides - from attackers and from regulators - they will invest in identity access management strategies, implementing both software and professional expertise, as a cost-effective way to reduce the risks associated with sprawling IT environments.

This is to say that identity access management will take on a business function, beyond the purely tactical function it fills now. As senior leaders get a better understanding of vulnerabilities among their own workforces, IAM will leap to the forefront of their cybersecurity investments.

  • Security Managed Services will gain prominence: Every security leader and their team is facing the skills gap. The result is a team that is reactive in nature, which creates a gap in proactive security planning and leaves the team trailing in security maturity. The tools that have been acquired, the nature of newer threats, and obligations to business and regulators will force security leaders to stretch the limits of the team. One option for approaching this is to consider services that can be managed by third-party providers. This is different from acquiring a SaaS that will provide a certain functionality. The managed service will give security leaders the capability to prioritize what is important, improve the overall security posture, and focus on developing and maintaining the skills that are most important for a reliable operation. Inherently, managed services will also ensure reliable financial projection.
  • Visibility is going to take center stage: Fragmented pieces of information are making it virtually impossible for security leaders and operational staff to get a holistic snapshot of what they are up against. The lack of just-in-time information makes security operations reactive. Demand for a security dashboard that will incorporate notifications from various tools and monitors to view and act on security events and make control decisions proactively will drive standardization of monitoring and event notifications. Coupled with AI, one could expect a framework that will enable cybersecurity leaders to proactively take strategic actions to neutralize a wide array of threats.


About the Author

Arun Kothanath 

Arun Kothanath, Clango's Chief Security Strategist, has more than 30 years of experience in information security architecture, Identity Management, and fraud management systems. Mr. Kothanath is a thought leader in the area of IAM. He has a strong background in architecting integrated systems, product development, and architecture. Mr. Kothanath has a CISSP certification and holds an honorary status of Oracle Deputy CTO.  He was also tapped by the City of Lakewood, Colorado to act as their CISO and has advised State governments in Colorado and Minnesota. He was also a key contributor to what is now called Oracle's Adaptive Access Manager while the CSO at Bharosa, later acquired by Oracle.

Published Monday, December 23, 2019 7:45 AM by David Marshall