Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
Leaders to Rethink Security Strategies in 2023
By Dave Frampton, SVP and General Manager, Security Business Unit, Sumo Logic
Over the past few months, security operations centers (SOCs) have
been dealing with the problem of information overload. Now, cybersecurity
threats and the increased sophistication of attacks are exploding by the
minute. The shifting data landscape, remote work, and macroeconomic pressures
will require cybersecurity leaders to reinvent and reevaluate their security
tools, automation and overall approach in the following ways in 2023.
Companies Will Prioritize Security at Executive Levels
The number of bad actors is growing, and so is their skill level
and the scope of breaches. MFA (multi-factor authentication) fatigue attacks
are a serious threat to organizations, in addition to ransomware attacks
(particularly on the supply chain), Trojan horse malware via mobile, unsecured
credentials, and exposed internal calendars.
Therefore, cybersecurity leaders will urge their organizations to
not only continue to prioritize security, but treat security as a business
necessity rather than a cost center. This pivot and increased visibility of SecOps
and digital transformation owners into possible threats allows organizations to
be more proactive and focus on monitoring and preventing attacks.
Security Teams Will Continue to Grapple With the Human Element of Remote Work
Organizations got a crash course in hybrid and remote work
at the start of the pandemic. While many of the related security and technology
issues have been ironed out, challenges will remain in the new year. The threat
landscape extends beyond the enterprise perimeter as employees continue working from
known and unknown places, which may be in regions where organizations
don't have a security posture. Therefore, organizations also lack clear communication
channels for tracking employee locations, making it difficult to detect
anomalies. Security teams will need to deploy solutions that make it easier to
detect patterns in this data without false positives.
Demand for SOAR Will Continue, but Integrate With Other Platforms
Security orchestration, automation and response (SOAR) will
continue to exist but will be increasingly absorbed into other security
platforms and the term will die out as it becomes baked into overall security.
Such platforms are still needed for a self-healing and self-protecting
environment, but SOAR will converge with security information and event
management (SIEM) and acquisitions will continue to contribute to vendor
consolidation. In turn, SOAR and automation orchestration are going to expand
beyond the cyber use cases.
Investments in Cloud Security Will Rise
Most organizations are moving to the cloud, and presence in the cloud is only going
to accelerate. This means cloud security investments will be just as important
to security leaders as on-premises because of the volume of data and assets in
the cloud. The industry will develop many security products to solve these
challenges, and data-driven analytics will also continue to help. Automation
and built-in application security will also remain essential.
Security Leaders Double Down on DevSecOps Because Offense is the Best Defense
Some adages may be old, but they're relevant for today's
security leaders more than ever as the digital transformation process creates
new threats. "The best defense is a good offense," and, "You have to be right
one hundred percent of the time, and the bad actor only has to be right once."
Cybersecurity is by nature defensive, but leaders should also make it a point
to be on the offense. Moving forward, the best-in-class security will feature
built-in protection. The more teams get ahead of security threats, the more they
can learn and build security into development to bridge data and team silos.
This also means DevSecOps will continue to evolve so that
teams can design products with security in mind from the beginning of the
process. Shifting left allows teams to focus on sharing knowledge and goals, see
anomalies in near real-time, and improve processes so they can work better
together.
Security is going to get increasingly complex as hybrid work,
cloud migration and digital transformation show no signs of stopping in the new
year. It will quickly become more challenging to scale businesses and meet security
standards and compliance requirements. In order for innovation and security to
go hand in hand, security leaders will look to new strategies that encourage cooperation
not only between developers and security teams but across organizations. This
includes product teams and those in charge of both corporate and
customer-centric environments.
ABOUT THE AUTHOR
Dave Frampton is the SVP/GM Security Business Unit at Sumo Logic,
the leading cloud-native machine data analytics platform. He leads the
development of security analytics solutions that solve the emerging challenges
of cloud and modern application architectures. Before joining Sumo Logic, Dave
was the Founder and CEO of FactorChain, a security startup acquired by Sumo
Logic in 2017. With over 20 years in networking and security, his previous
roles include general manager of several businesses at Cisco, spanning Security
Access Management, Application Performance, and Enterprise Infrastructure. In
addition to operating roles, he is an active advisor to several early- and
growth-stage start-ups. Dave holds an M.S. in electrical engineering, an M.S.
in engineering management, and a B.S. in electrical engineering, all from
Stanford University. Outside of work, he enjoys traveling with his wife and
three children, mountain biking, CrossFit, and ice climbing.