Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
2024: Enterprises Must Brace for Change in the Year Ahead
By Todd Moore, VP of
Data Security Products, Thales
From embracing new
security regulations to safeguarding against growing security threats like
misuse of generative AI, 2023 has been a year of adaptation. However, this is
just the beginning of major enterprise industry shifts to come in 2024. Amid the
need to keep pace with advancing tech, economic headwinds, and major challenges
in legal accountability, here is how leaders will be steering their businesses
in the coming year.
The rubber will meet the road for
quantum-safe cryptography implementation.
Between the
reauthorization of the Quantum Initiative Act and the anticipated release of
the finalized NIST standard publications, the industry is approaching the peak
of the quantum race hype cycle. Additionally, the heightened level of awareness
around quantum initiatives has brought quantum-safe technology to the forefront
for most organizations. 2024 will be the year that rubber meets the road for
practical implementations of quantum-safe cryptography in the real world. We will
be wrestling with the integration of post-quantum cryptography (PQC) technology
into systems that underpin our most critical systems - communication, commerce,
data privacy - that have been untouched for decades. And while we will see
great advancement, we will also see quite a few hurdles; realistically, this
will be a decade-long effort. But what is most critical is that we will finally
see progress in switching wholesale public key infrastructure (PKI) systems
from the old to the new.
From the industry at
large, expect more organizations to only invest in solutions that are crypto-agile
and post-quantum ready. The true quantum breakthroughs may come in five years,
10 years or more, but the new standard moving forward will be that investments
are future-proofed and quantum-safe from the get-go.
Budget pressures will
see a shift in how companies purchase cybersecurity tools in 2024.
The most resilient
companies are constantly examining their investments and spending, and finding
ways they can make budgets work harder and perform better. As cybersecurity
technologies advance, there is a real trend toward integrated platforms -
giving companies greater choice and flexibility over what services they require
and which they do not. CISOs and security teams, under pressure to deliver the
same results with smaller budgets, will increasingly turn to integrated
platforms in 2024 to consolidate vendor partnerships and drive efficiency. Gartner
has recognized this, forecasting that 30% of enterprises by 2025 will have
adopted broad-spectrum data security platforms, up from less than 10% in 2021.
The search for
standards and stewards of cyberattack accountability will begin.
In the wake of the
landmark SolarWinds case, the role of security leadership for companies will be
under a microscope in the coming year. Public companies are now being called to
task by the SEC, and leaders will be looking internally to determine how security
will be handled moving forward. Where compliance and security leaders were
originally separate, there will be greater harmony to make sure best practices
and legal needs are both being met - and many will look to audit companies,
insurers and certifiers for indemnification and protection. Considering this,
there will be major calls for a mandate or national standard that these public
companies can measure against. Today, while
we have the building blocks of best practices - ISO standards, SOC2, CSA, NIST
- we do not yet have enough solid ground to make audits a simple process for
public companies. Those who will be held accountable for cyber events at the
C-suite and board level will be pushing for clearer requirements on a federal
and international level.
The work is never done in
maintaining longevity as an enterprise through innovation and
differentiation. Though there will be
trials and tribulations when integrating new technologies, like PQC, making
these investments will put companies at the forefront of their peers. At the
same time, these companies must carefully balance their spending and
investments into productive tools to curb economic challenges, while
maintaining a high-level security posture. As we look to federal leadership to
provide improved cybersecurity regulations, companies must practice due
diligence as they brace for the ever-changing cyberattack landscape in 2024.
##
ABOUT THE AUTHOR
Todd Moore is the Vice President of Data Security Products at Thales. In his role, he drives strategy for the company's data
security portfolio that addresses existing and new customer needs. Todd is a
respected cybersecurity professional, with over 28 years' experience in helping
organizations protect their most sensitive data.