Virtualization Technology News and Information
Baffle 2022 Predictions: Where cybersecurity spending will go in 2022

vmblog predictions 2022 

Industry executives and experts share their predictions for 2022.  Read them in this 14th annual series exclusive.

Where cybersecurity spending will go in 2022

By Ameesh Divatia, co-founder and CEO, Baffle

As cybersecurity continues to climb up the business priority stack, the astronomical valuations of public cybersecurity companies suggest that we'll see an even greater influx of massive funding in the sector. Based on my experience and conversations with executives in the field, I expect the following trends to impact where security investments are directed in 2022.

Supply chain security. The supply chain is a red flag for cybercriminals. Cybercriminals historically strike when industries are going through times of chaos-and this moment certainly qualifies. For example, many digital supply chains contain code with vulnerabilities that stem from open source projects, which cybercriminals are adept at exploiting. To help keep problems from worsening, organizations should conduct audits and penetration testing, and update cybersecurity protections within their supply chain to determine vulnerabilities and address them.

Data-centric security. Executives will champion more stringent data security standards. While 2020 proved to be a chaotic trial-and-error attempt at operating under "the new normal," 2021 was the first year of doing so with some experience. Over the last 12 months, companies collected a treasure trove of data with entirely new insights on how well they responded, areas of potential growth and avenues for greater efficiency. That data must be analyzed in the cloud-which can be vulnerable. Expect more organizations to invest in comprehensive data protection-like encryption, masking and tokenization-to facilitate faster access to analyzed data. Organizations that don't have the appropriate data analytics pipeline protections will be delayed in accessing this critical information.

National privacy law. It is difficult to say when the U.S. will adopt a federal privacy law, similar to the EU's GDPR, but next year may prove to be the tipping point. In the absence of a national referendum, states are taking matters into their own hands. I expect even more proposed privacy laws to be introduced in 2022, accelerating the debate over a national policy that sets a baseline of privacy expectations for consumers regardless of the state in which their data resides. A federal privacy law will also help minimize the number of requirements companies must sort through when conducting business in different states.

Cybersecurity complexity. Cybersecurity environments become more complex as a result of deploying cybersecurity solutions from a variety of providers. Any number of unnecessary challenges arise in a multiple-provider scenario, such as extra time managing each vendor and solution integration. Many organizations will seek solution providers with a single data transformation approach in identity management, tokenization, masking and encryption that simplifies data management and protection.

The cybersecurity talent gap. Organizations will creatively tackle the cybersecurity talent shortage. Cybersecurity professionals are taking on more tasks than ever, which leads to burnout and diverts their focus from ensuring the company has the strongest possible security posture. The talent gap increases an organization's risk considering the learning curve they face to fend off attacks or prevent accidental data exposure. To compensate for the talent shortage, more companies will employ a hybrid solution that incorporates additional training and automation. Automating a wide range of less critical cybersecurity tasks will free up staff to identify and mitigate potential threats. This approach will help retain skilled employees and be a selling point for recruiting. As well, organizations can address personnel shortages while maintaining the highest level of security.

Turning the calendar to a new year does not mean the industry will change course and improve upon policies and practices instantly. The private and public sectors must prioritize their spending, and the areas discussed here represent a good starting point. No matter what, cybersecurity hygiene with effective policies and practices will always be top-of-mind.



Ameesh Divatia 

Ameesh Divatia is co-founder and CEO of Baffle, a cloud data protection company that simplifies encryption while enabling secure computation on encrypted data in memory, in use and at rest. Divatia has a proven track record of turning innovative ideas into successful businesses.

Published Tuesday, December 14, 2021 7:30 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2021>