Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
Security Predictions for The Upcoming Year
By Chris Peake, CISO and SVP of Security, Smartsheet
2023
was a revolutionary year in the technology and cybersecurity industries, with a
host of new technologies and innovations taking the center stage. In 2024, this
innovation will continue, requiring IT teams and cybersecurity practitioners to
shift their focus areas. These new focus areas will include transitioning from
digital transformation to work transformation, a renewed focus on zero trust
models, and with the rise of AI, an increased importance on security
partnerships. As we bid 2023 goodbye,
it's imperative to look to what's coming next.
1. Transitioning from digital to work transformation
will become a top priority for IT departments
In today's business
climate, organizations are under pressure to adapt to market changes faster
than ever before - take the recent wave of generative AI tools and applications
as an example. And businesses who can transform quickly when they spot a market
change or opportunity have a notable competitive edge.
CIOs and IT
departments can support their organization's digital transformation plans by
giving their employees access to the tools that will enable them to work
better. These days, that often means giving your employees the freedom to
experiment with new technology. When users look for new ways to get work done,
the solutions they find can be the seeds of innovation and the key to
unleashing productivity and efficiency.
This is where digital transformation becomes work transformation.
Balancing innovation
with IT control remains necessary, but striking the right balance will allow
employees to harness new digital processes that create agility, efficiency, and
ultimately drive innovation-all while ensuring ongoing security. Once employees
are empowered to transform how they work, bigger business transformations can
occur.
2. There will be a renewed focus on zero trust models
In today's hybrid
work environment, people rely on more devices, apps, and services than ever,
many of them hosted in the cloud on systems that are physically outside the
control of corporate IT.
This new landscape
requires a zero-trust model. This model is exactly what's on the label: nothing
is inherently trusted. Instead of trusting anyone inside a perimeter, it
authenticates before granting access to data. Everything - systems,
connections, communications - is authenticated and validated.
In the coming year,
we'll likely see organizations add extra layers to their models. For example,
some organizations might add role-based security, allowing them to define roles for different types of
users and manage their access accordingly. This will enable them to protect
sensitive information while reducing the barriers to access for authorized
individuals. Organizations may also add time-based access, allowing them to
manage users' access to information based on the length of the project they're
working on.
Additionally,
Generative AI has huge potential to strengthen data security and add an extra
layer of protection. Nobody can manually monitor all the data flowing through
their business; intelligent systems need to take on that burden. Machine
learning can grow to "understand" what's normal and flag anything that isn't.
3. Security partnerships will become even more
important
In the era of cloud
and AI, much of a company's IT infrastructure is no longer internal and
on-premises. As a result, security has become an increasingly complicated
dance. You must rely on multiple partners to keep your data and employees
secure, so you need to ensure you're choosing partners you can trust.
Some specific security aspects will always be your
responsibility if you're a consumer of cloud technology, such as vetting to
whom you give licenses, their assigned roles, and compliance with
organizational policies. You also have to decide what data to store on the
platform and who can access it. But beyond specific areas of responsibility
such as these, you're depending on your vendors to secure your data, keep
services up and running, and help you achieve your business and technology
goals.
This has become especially important with the rise
of generative AI tools - you need partners who will be responsible with your
data when innovating with and incorporating AI capabilities into their
products. And partners are actively working with this technology: IBM found
that 93% of surveyed IT
executives
reported already using or considering the use of AI for security operations.
Carefully evaluating
providers and partners and making decisions based on trust is essential. We
need solutions and solution providers to work together to help us ensure
security for our systems, organizations, and data.
##
ABOUT THE AUTHOR
Chris Peake is the chief information
security officer (CISO) and senior vice president of security at Smartsheet. He
is responsible for leading the continuous improvement of the security program
to better protect customers and the company in an ever-changing cyber
environment, with a focus on customer enablement and a passion for building
great teams.
Chris has over 20 years of experience in
cybersecurity during which time he has supported organizations like NASA,
DARPA, the Department of Defense, and ServiceNow.
Chris holds a PhD in cloud security and
trust. He enjoys biking, boating, and cheering on Auburn football.