Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
Why Businesses Will Be Retooling Their Data Security Strategies in 2022
By Cam Roberson, VP, Beachhead Solutions
2022 will be the year businesses come to terms with the realities of a
forever-changed data security landscape. Now two years out from the start of
the pandemic, most companies see work-from-home policies as nothing new. And,
at this point, it's not. However, many are only now beginning to accept
distributed workplaces as the new normal from a security standpoint.
Businesses will address their changed tooling needs around securing distributed
workplaces, and do so by ignoring terms or acronyms and instead focusing on the
broader evolving threat and vulnerability landscape. Expect businesses in 2022
to also expand their strategic security perspectives beyond the current
obsession with ransomware. Instead, they'll adopt holistic strategies that
address less visceral - but equally dangerous - threats to their data security.
Here are three predictions on how businesses will evolve their data security
practices in 2022.
1) Expect: a welcome focus on security threat vectors, not acronyms.
When a business today looks at much of the data security market, they see a tangle
of acronyms that border on impenetrable and lead to misconceived
interpretations. From EDR to XDR to SOAR to SIEM, those studying solution
offerings and thinking they're gaining a grasp of security technologies are
often just wading through mushy marketing lingo.
In truth, those acronym terms are loosely defined, overlapping, and subject to
change. One vendor's definition of the protections offered by a claimed acronym
can differ greatly from another. It is, therefore, dangerous to buy the
security delivered by an acronym. Instead, businesses will begin by addressing
the threat vector. (EDR, by way of example, has all kinds of
interpretations - but based on the vendors that claim the capability, it is
mostly protection/mitigation of ransomware.) The murkiness of this acronym's
meaning is just one example of many. Without a thoughtful and holistic security
strategy, businesses will face an unending game of whack-a-mole trying to add
solutions to address new threats, while increasing their own likelihood of
getting hammered with a data breach.
In 2022, businesses will get savvy to acronym distractions. They'll be smarter
about asking what actual threats a particular solution protects against.
Vetting tools in this manner, businesses will move away from selecting
piecemeal solutions based on marketing, and toward true comprehensive security
with no weak links to speak of.
2) Expect: long-term security support for distributed workforces.
Businesses that implemented work-from-home policies and related security measures on the
fly in early 2020 are now realizing that those policies aren't exactly going
anywhere. In general, employees aren't retreating back to the firewall-enclosed
fortress of the central office, at least not in the same numbers. Instead,
businesses must adopt new capabilities to defend employees' home offices with
the same strong protections.
In 2022, expect more businesses to adopt cloud-based security strategies that can
encrypt and control data access from employee devices regardless of location.
For example, geofencing-powered protections and policies backed by full
automation will defend distributed workforces - first sending warnings and then
revoking data access from devices that stray beyond an allowed distance from an
employee's home office. Persistent VPNs and modern next-generation firewalls
able to protect individual employees anywhere will also earn increased
attention. Businesses will also adopt solutions that enable and simplify
regulatory compliance across distributed workforces in 2022, and invest in
security with the mindset that this is the workforce of the future.
3) Expect: the brakes get pumped on "ransomware panic."
Ransomware is the company-scale equivalent of getting mugged. It's a scary, dangerous
interaction with criminals, and no one wants to be a target. However, put in
perspective, ransomware is just one of many threats to data security. A
business is as likely to suffer a data breach incident due to device loss or
theft, network security issues, insider threats, or simple employee
carelessness.
In 2022, cooler heads will begin to prevail when it comes to businesses' security
strategies, which will continue to protect against ransomware while shifting to
a much more balanced approach. The robust employee training regimens, data
encryption and access controls, compliance reporting, automated policy-based
protections and other tools necessary for comprehensive data protection will
join ransomware security as equal priorities capable of protecting against
nefarious insider threats, compliance violations, lost and stolen devices, and
poor security hygiene.
Also worth noting: 2022 will see the rise of "ransomware 2.0," in which
attackers frustrated by businesses with strong backup protections get revenge
by selling and exposing stolen data on the dark web. This new practice may very
well shift encryption to the forefront of ransomware protection, especially if
layered encryption proves fully capable of thwarting data exposure during these
attacks.
Given these forecasted changes, 2022 is shaping up to be a critical year for
businesses to mature their data security to match the needs of their modern
workforces for many years to come.
ABOUT THE AUTHOR
Cam Roberson is Vice President at San Jose-based Beachhead Solutions, which provides a PC and device
security platform for businesses (and MSPs) across industries to encrypt data
and automate threat responses.