Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
Zero Trust Security in Demand for the New Year
By Karthik Krishnan,
CEO of Concentric.ai
Over the last decade, authority for every
productivity-related technology decision has moved from IT professionals to
users and businesses closest to those decisions. BYOD, the first phase of this
trend, is basically over.
In 2020, work-from-home (WFH) practices
increasingly put line employees in charge of data access and management
decisions. Cloud storage and productivity applications maximized online
productivity by making collaboration easy from anywhere.
While link sharing may be liberating, it has a darker side: data security
issues that are difficult for most security professionals to control.
This year, we do believe the BYO trend will
continue as businesses should embrace the authority to choose "as-a-service"
solutions without IT involvement. Functionally, specialized online services are
now as capable as their on-premises predecessors; they're easier to stand up,
and they're cheaper to own.
Think of it as "bring your own SaaS": you
can expect, for example, an accounting department to select and possibly
implement an online invoicing solution they like without much consultation
with their IT team.
How the pandemic plays out this year will have
a huge impact on tactical questions ranging from budget to manpower to project
priorities - but we believe these long-term strategic trends will impact IT
organizations well beyond this year.
Get Strategic with Your Data Security Plan
There's no way to predict every 2021
eventuality. But we can forecast at least two key trends:
- End users and business stakeholders
will assert the right to choose and use technology as they see fit. IT
leaders need to find ways to support security even in the absence of
control.
- Comprehensive privacy and data
protection are the fundamental IT imperatives for the foreseeable future.
Regardless of the regulatory environment, taking steps to understand and
secure data will pay off.
What's the right path forward? Your strategic
data security plan in 2021 (and beyond) should follow this simple guiding
principle: apply zero-trust security principles to data wherever it's stored
and used. In an uncertain regulatory and threat environment, zero trust
security (which protects data by limiting access to only those with a need) is
the ideal policy approach. The devil is, as they say, in the details.
In 2021, those details will increasingly be met by AI-enabled data discovery
and risk assessment tools that can automate zero-trust security. Vendors
commercializing some of the most promising deep learning research can now
autonomously categorize data, assess business criticality, and even deduce
appropriate data management policies - all without extra IT overhead, rule
development or end user help.
Unexpected Directions with Data Privacy
Today, most practitioners focus on risks from
external threat actors. But with a bracing action in October 2020, the GDPR
authority showed they're equally concerned with human resources data when they
slapped clothing retailer H&M with a €35 million fine for illegal employee
surveillance.
After a few years of relative predictability,
data privacy promises to get more "interesting" in 2021. The GDPR and CCPA regulatory regimes each notched
milestones in 2020.
The GDPR (as of this writing) had assessed a
record level of fines totaling €220 million. California's CCPA enforcement
kicked in on July 1st, and voters in that state passed additional privacy
restrictions via a November ballot initiative (the California Privacy Rights
Act or CPRA). The CPRA extends and modifies the CCPA, with new mandates taking
effect at the end of 2022.
Here's where things are going to get
interesting. Optimistically, effective COVID-19 vaccines will make in-person
work possible by mid-year 2021. But it's just as likely that delays in
distribution, reluctance to inoculate and lingering stress on the healthcare
system will extend work-from-home practices for many through the end of the
year. Most likely, organizations will face obligations to collect more data on
their employees than they previously did: their immunization status, health
situation, work habits, even their social interaction patterns.
Regulations governing employee data management
are currently more forgiving in the US. The CCPA, for example, includes a so-called HR
exception (which exempts internal employee information from the regulation)
that's set to expire at the end of 2023. But regardless of the go-live date,
privacy protections for employee data are clearly in the cards.
Planning matters. A hefty dose of uncertainty is certain to await us in 2021.
And whatever may be in store for us, we can and should take steps now to
anticipate the data security trends that'll shape IT in 2021 and beyond.
About the Author
Karthik Krishnan, Founder & CEO, Concentric

Karthik Krishnan is Founder/CEO of Concentric. Prior to Concentric, he was VP, Security Products at Aruba/HPE, where he managed their security portfolio. He was VP, Products at Niara, a security analytics company focused on user and entity behavior analytics. Niara was acquired by Aruba/HPE. He has more than 20 years of experience in engineering and marketing at various hardware, software and systems companies such as Intel, Microsoft, Juniper Networks, PGP Corporation, Symantec and Embrane. He has a bachelor's degree in engineering from the Indian Institute of Technology, Madras, India and an MBA with distinction from the Kellogg School of Management, where he was an F.C. Austin Scholar.