Virtualization Technology News and Information
InfluxData 2022 Predictions: Managing Cybersecurity for the Distributed Workforce

vmblog predictions 2022 

Industry executives and experts share their predictions for 2022.  Read them in this 14th annual series exclusive.

Managing Cybersecurity for the Distributed Workforce

By Peter Albert, Chief Information Security Officer at InfluxData

It's been nearly two years since we fundamentally shifted the way we work - and saying we've adjusted is an understatement. Organizations successfully made our work lives more productive by investing in solutions that break down barriers and improve collaboration in new ways. Technology will always drive more efficient ways to collaborate, but it also opens organizations up to a new wave of challenges.  

As all companies were navigating through the unknown, securing the remote workforce was a top concern. Our physical-to-virtual world switch made business continuity possible, and now that we've adapted to this way of working, our efforts to keep it secure will be the next great area of exploration and growth. 

Companies tackle the security skills gap in new ways: Working in cybersecurity is basically living in the job skills gap. But IT leaders shouldn't think of security as a separate entity with a siloed team and resources. Security must be distributed and embedded into the organization, and baked into every aspect of the stack, meaning security is incorporated into the day-to-day of every employee and department, and that includes training staff on security best practices related to their post. That way, the entire company becomes the security team. 

After all, most breaches continue to happen the same way - compromised credentials, social engineering, or common vulnerabilities in unpatched software that are exploited. What has changed is our level of vulnerability due to societal changes - the attack surface is everywhere now. By having a security-first mindset across the entire organization, companies will be better equipped to identify and mitigate these risks. 

Security teams double down on modeling user behavior: Ten years ago, an organization's IT portfolio was all in-house in a data center, but now applications and services are hosted almost entirely in the cloud. However only a subset of these cloud applications implement effective fraud detection, and still fewer offer observability into who and how these services are being utilized. This means organizations who consume cloud services are largely on their own to optimize security so it's becoming increasingly difficult for IT leaders to monitor security behaviors. 

Next year, CISOs will improve security monitoring by modeling user behavior of external cloud services using mathematics and behavioral modeling derived from time series data. This will enable them to detect signals and patterns in security events in a timely fashion across a very broad attack surface. This approach also takes a lot of manual work out of forensics and incident management workflows, resulting in more automated and therefore more enhanced defense measures. 

Back to the basics: Dependency verification becomes a C-suite issue: Verification of third party dependencies is a global issue and is both pervasive and difficult to detect without source code review. Teams should never download unverified code from another source and then incorporate into their application or send it straight to their shell to execute in whatever user context they are using, oftentimes root. When this happens, teams lose the visibility of what is in the code they're executing. 

The hyper-connected nature of software development and service delivery is causing the scale of this issue to become gigantic. In 2022 and beyond, security leaders will push their organizations to prioritize dependency verification and security - embedding these security practices throughout their company.

The bottom line 

Keeping pace with the scale of cybersecurity has been a top organizational priority for years. In 2022, just as we have with every other challenge we've faced along the journey, businesses will combat cybersecurity obstacles with innovation. This will include addressing skills gaps, doubling down on security modeling using time-series data, and continuing to build on our security basics including training the entire org on security best practices.



Peter Albert | CISO, InfluxData

Peter Albert 

As the Chief Information Security Officer (CISO) at InfluxData, Peter Albert is responsible for ensuring the security of InfluxData's information systems and services.  With more than 30 years of experience in the security, technology and telecommunications industries, Peter brings tremendous technical leadership and operational expertise to the company.

Prior to joining InfluxData, Peter spent 3 years at IOActive, a premier, boutique security consultancy, where he advised various Global 1000 companies on their security program. Before that, he was responsible for managing global operations and expansion of the QualysGuard global SaaS infrastructure, overseeing its worldwide security operation centers (SOCs). He has also held various leadership positions in architecture, engineering and operations with iPass Inc. and General Magic. 

Published Thursday, January 20, 2022 7:31 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2022>