Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
Cybersecurity 2022: Disrupt and Conquer
By Kurt Roemer, Chief Security Strategist for Citrix
As the journey towards digital
transformation continues, IT will leverage innovative technologies to transform
the user experience and fuel competitive advantage
Cybersecurity has
taken center stage. In the wake of attacks that have crippled business and
threatened our daily lives, calls are growing louder for IT to shore up
defenses. The last year introduced a new set of really tough problems, as the
pandemic forced companies to embrace remote and hybrid work and expand the use of
cloud-based solutions to support it with unprecedented speed and scale. And many
challenges remain. But they can be overcome.
Organizations that leverage disruptive
technologies can transform user experience and deliver the secure environments
required to keep employees safe, happy and performing at their best in the new
world of flexible work. What will security look like in 2022?
Patching Becomes
Instantaneous
Corporate policies
often dictate that patches are thoroughly tested - which can take weeks that IT
doesn't have. IT departments will ditch
this practice and enable automated and verified patching across their workforce
and technologies using cloud services that are continuously patched and updated
so they can move at lightning speed.
More Servings of
Alphabet Soup
From AI/ML
(Artificial Intelligence / Machine Learning) to CASB (Cloud Access Security
Broker), EDR (Endpoint Detection and Response), SASE (Secure Access Service
Edge), SWG (Secure Web Gateway), WAAP (Web App and API Protection), XDR
(Extended Detection and Response) and ZTNA (Zero Trust Network Access), more
acronyms will emerge to support cybersecurity. And they will introduce a new
level of complexity across IT, that will require hard-to-find-and-retain
personnel and additional computing resources, budget and coordination between organizational
silos to effectively support. To simplify
things, savvy organizations will focus on unification and interoperability, demanding
products that work together as a platform to increase visibility and control
while reducing resource consumption.
AI Emerges from the
Hype to Disrupt and Conquer
Think of the toughest
cybersecurity problems. Areas where innovation is essential to disrupt the
status quo. Business issues where
applying traditional resources would be infeasible or deliver incomplete
results. In 2022, AI, will live up to its hype and help tackle these challenges
and enhance cybersecurity capabilities in the following areas:
- Detecting the rise of malicious insiders
across the workforce and supply chain
- Identifying security misconfigurations in
applications, networks and cloud services
- Actively seeking out opportunities for
increasing cyber resilience
- Determining behavioral effectiveness of the
cybersecurity portfolio
- Performing continuous pen testing -
especially with complex API dependencies
- Defining roots of trust, trust chains and
trust relationships for tech and processes
- Evaluating experience to determine the
optimal balance of security, productivity and cost
Zero Trust Evolves into
Digital Trust
Zero Trust has taken
the cybersecurity world by storm. At its most basic level, Zero Trust is a
stance dictating that all trust must be earned. Trust is never assumed, never
an afterthought. Trust is carefully
instantiated, measured and verified to be commensurate with risk. And it will
be a key driver of the digital transformation of trust, accelerating the
journey to expressing, consuming and codifying trust across the
organization.
Fewer Passwords will
be Used
Passwords are the
zombies of the internet - the undead that continue to haunt us. And IT will
begin to move away from them. According to a recent study, 72 percent of security leaders say a
password-less environment is "very" or "moderately" important to them.
In the year ahead,
the security fragility of passwords and costs associated with their continued
use will drive organizations to utilize credentials and trust factors including
Multifactor Authentication (MFA) and FIDO2. And APIs and services that
facilitate deprecating passwords will drive needed change and bring an expanded
focus on contextual access and usage.
There's no doubt
substantial progress has been made on the cybersecurity front. Leading
organizations that leverage innovative technologies and policies to support
them can sustain the momentum and turn security from a critical threat into a
competitive advantage and move their business forward.
##
ABOUT THE
AUTHOR
As Chief Security
Strategist for Citrix, Kurt Roemer leads security, compliance, risk and privacy
strategies for Citrix products. As a member of the Citrix CTO and Strategy
Office, Roemer drives ideation, innovation and technical direction for products
and solutions that advance business productivity while ensuring information
governance.
An information
services veteran with more than 30 years experience, his credentials include
the Certified Information Systems Security Professional (CISSP) designation. He
also served as Commissioner for the US public-sector CLOUD2 initiative and led
efforts to develop the PCI Security Standards Council Virtualization Guidance
Information Supplement while serving on the Board of Advisors.