2021 has undoubtedly been an unpredictable time for many organisations globally. Although there continues to be uncertainty around what the future holds, Nathan Howe, VP of emerging technology at Zscaler, has collated a list of technology transformation predictions for 2022 and beyond.
The global chip shortage will prompt a re-evaluation of hardware-based security
The pandemic sparked a rush for firewalls to protect networks as corporate estates expanded. Now, the impact of the global chip shortage will continue to be felt into 2022, and it will call into question why enterprises still rely so heavily on hardware.
Security is a pressing issue that cannot wait until hardware vendors can deliver delayed appliances, sometimes with lead times of more than six months. Conversely, cloud-based security capabilities are ideally placed to reduce reliance on hardware. To take advantage of this, enterprises will need to adapt long-held approaches and secure multi-cloud environments in place of network perimeter security.
Hybrid work will shake up IT infrastructure
The pandemic has changed the way employees approach their home and work life, with the majority of folks choosing to work for companies who allow them to work from anywhere. Moreover, flexible workspaces will prompt investments in collaborative tools and wireless capabilities, along with cloud-agnostic technologies.
As hybrid work becomes the new normal, enterprises will accelerate their digital transformations to ensure the fast and secure access to cloud resources that they now need. Central to such a modernisation of infrastructures will be the adoption of cloud-native services that support application access from all locations, along with security policies and practices that protect data and assets within such an approach, and guarantee user-friendliness at the same time.
Addressing ransomware will remain a priority
As companies adjust to hybrid working and re-evaluate their IT infrastructure and security protocols, the threat of ransomware will stay high. Ransomware attacks will continue to become even more sophisticated and disruptive, not to mention costly to businesses. As such, organisations will need to focus on ransomware prevention and recovery to protect data and assets, and avert risk to corporate reputation. This begins with anti-ransomware tools that quarantine and analyse files before delivery to prevent infections, along with decryption and inspection of encrypted traffic to reduce risk. Insight into all data traffic will become paramount in the fight against ransomware.
Zero trust fatigue will call for a clearer definition
Divergent zero trust definitions and confusion over what zero trust actually means, jeopardises the sensible adoption of more secure policies. Despite this, governments will drive zero trust deployment and uptake in response to the continuing threat of ransomware and other cybercrimes.
Therefore, a holistic approach to zero trust is necessary to gain its benefits, yet enterprises swayed by the zero trust hype but lack a complete understanding of it will fall victim to tick box purchasing. Technology providers must help businesses understand risk tolerance within zero trust, and the need to remove implied trust that has been accreting within networks from their very beginning. Without active trust reduction, zero trust is just another access method.
Instant and real-time demands will drive 5G and edge computing
IoT services requiring ‘instant’ and ‘real time’ data exchange will challenge 5G to deliver. Latency will be addressed in various ways, such as edge computing, which brings applications closer to end-users, enabling 5G to compute workloads where users are.
In the same way that users accessing devices and applications from anywhere pushes security and access close to users, machine-to-machine applications will demand secure access for entities with all connections inspected and secured. 5G encourages a cloud model because devices needn’t connect to just one cloud edge or one data centre to access applications; they can connect to multiple values of applications.
Automation will get smarter through AI and ML but will divide opinion
Artificial intelligence and machine learning will help drive detection and response of advanced threats. It will be more widely implemented through the automation of processes and in support of decision-making, but some applications will risk alienating public opinion without clear personal privacy boundaries.
The AI and ML debate will continue to highlight the personal privacy issues raised by technologies such as facial recognition. The public will demand clarity over how their privacy is safeguarded; without this the wider adoption of such technologies will be hampered.
Workload orchestration will become a priority
Workload orchestration across Cloud, the edge, and data centres will be key as workloads follow people across zones. Enterprises will increasingly recognise the need to protect workload data as it moves through cloud environments. Security controls must be workload-centric and not coupled with the cloud platform, while multi-cloud implementations will require governance models to determine who can access what and where data can move. Cloud agnostic multi-vendor strategies will call for clear IT and security policies.
Organisations will learn more about the internet and less about their internal network
Emphasis on the corporate network will continue to decrease as the internet becomes the connective tissue for businesses. The work-from-anywhere culture, and shift to cloud services on a more wholesale basis, will drive demand for connectivity as a service with enhanced security, user-friendliness, and increased control.
As enterprises move towards connectivity as a service, security as a service technology will deliver advanced security capabilities from the cloud to simplify IT infrastructures, while enforcing access policies consistently wherever users connect.
Operational technology will need to be modernised
Operational technology (OT) lags IT in overhauling security in response to enlarged attack surfaces. Now, OT is a risk to IT and will need modernising if companies are to mitigate risk to business continuity.
Costly security breaches put production lines at risk and negatively impact corporate reputations. OT equipment manufacturers must be prepared to bake security into their products, to test this throughout, and to prove the security credentials of finished products entering production and other environments. As it becomes more widespread, this robust security approach will become industry best practice and the baseline that is demanded when equipment is procured.
Technical debt will continue to put organisations at risk
VPNs, remote desktops, jump boxes, and others added in a hurry to meet the connectivity demands of a work-from-anywhere workforce add risk to corporate IT infrastructures. Expedited solutions serve a purpose, but can soon become an encumbrance if their addition is not evaluated in the context of the entire IT estate. Technical debt often proves difficult to remove, and the security concerns it poses will therefore grow, unless companies evaluate their attack surface and take action to remove dangerous set-ups.