Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
Opus Security Predictions for 2024: The Year of Orchestration
By Meny Har, CEO and co-founder of Opus
Security
Cloud
Security Posture Management and Vulnerability solutions have become staples of
almost every organization's security stack, ensuring that what were once
security blind spots across many attack surfaces would now be fully visible and
help security teams assess risk clearly. This has created an environment in
which security teams are constantly inundated with security issues without
context or prioritization. Across diverse security landscapes, such noise
inevitably creates mistrust between security and the engineers who own and lead
remediation processes, who don't know whether the issue they've been given to
resolve is even important or relevant. In addition, the amount of alerts leads
to the ominous ‘alert fatigue' that plagues many organizations and harms their
overall resilience and security posture. The need to consolidate issues from
multiple sources, prioritize with the proper context and ensure
organization-wide collaboration for swift remediation of what matters most -
with developer buy-in! - will become an organizational necessity in 2024.
The
year of the Risk Orchestrator
As
remediation becomes a more organization-wide task, security leaders will need
to find more creative ways to ensure that this collaboration - mainly between
security and engineering teams - is productive, with minimal friction and
frustrations. As it stands today, developers are justifiably annoyed by the
time and effort required for remediation processes, which are complex,
difficult to understand, and challenging to implement. As these developers take
on more significant security responsibilities, it will become the role of CISOs
to facilitate risk orchestration across the organization and for operational
teams to orchestrate day-to-day operations across disparate teams to remediate
effectively. They will now be tasked with creating productive, trustworthy,
day-to-day relationships between security and engineering teams to establish a
coherent view of security risks and provide actionable solutions.
Security
will become more about people and processes and less about tools
Security
teams can no longer undertake security processes on their own, and once this
has been established, it is becoming increasingly clear that effective
cybersecurity necessitates more than the latest advancements in cybersecurity
technology. More than just new tools, security now takes into account the
growing number of teams involved in every process. The importance of tying all
teams, tools, processes, and alerts together has grown considerably, creating
an entirely new concern for security professionals - orchestration. The
cross-functional nature of security will require an adaptation in approaches to
responsibility, ownership, and accountability, with remediation processes
becoming cross-organizational and not siloed in the security space alone.
The
Year of the Remediation Evolution
Over
the past few years, remediation has become a key element in traditional
security spaces, including Vulnerability Management, Cloud Security,
Application Security, and others. In the past, remediation was considered an
IT-centric process, often static and very centralized. In 2024, we foresee that
remediation will become an independent platform, no longer a feature of
existing security tools. Taking a more central role as a critical
organizational security process, remediation will aggregate disparate remediation
processes from across the entire security landscape into a centralized,
all-encompassing security remediation platform.
The
Year of Efficiency
The
post-COVID economic reality of the past few years, exacerbated by market shifts
and talent shortages, has inevitably bolstered the rise in demand for more
efficient solutions to pressing security challenges. Forced to rely on a
diluted workforce, organizations seek efficient, streamlined processes that
leverage existing environments but work independently and replace manual,
laborious efforts. Efficient remediation includes delivering the right context
to engineers, prioritizing alerts, rapidly finding owners, and improving
remediation reports. Leveraging automation to do these critical tasks, thereby
removing most of the manual and laborious elements of remediation, is an
increasingly necessary part of modern business. For Opus, remediating at scale
across disparate environments, teams, and infrastructures would not be possible
without leveraging automation to identify responsible teams for remediation
processes, provide out-of-the-box guides and playbooks, and prioritize issues
to alleviate alert fatigue and developer frustration.
Collaborative
processes have always been critical for productive business processes, and
forward-thinking organizations should strive to ensure streamlined workflows
across the entire company. Security once considered a distinct, barricaded part
of every organization, has evolved into a business enabler that includes
multiple teams in its processes. For remediation processes, this is a positive
shift, ensuring a wider and more transparent approach to benefit both business
and security and 2024 will be a significant milestone in this evolution.
##
ABOUT THE AUTHOR
Meny Har is
the CEO and co-founder of Opus
Security. In his previous position,
he was the first employee and VP Product at Siemplify, from its inception and
until its eventual acquisition by Google. Meny's past professional experience
includes various security leadership and development roles, following his
introduction to cybersecurity during his service in an elite intelligence unit
of the Israeli Defense Forces, as a Department Head of Operations.