5 ways enterprise security will adapt to data on the move in 2020
Organizations are embracing workforce mobility, IT consumerization and cloud computing. Looking into 2020, there’s one security issue that remains impactful: human resource constraints.
As the enterprise faces a wider range of threats and attack vectors, along with a broader range of global data privacy mandates and legislation, leadership will seek to advance holistic security strategies, including Zero Trust. They will also adopt greater orchestration mechanisms that enable digital transformation while managing cyber threat and data breach risks. This will also allow the enterprise to better address the rise of malware and targeted attacks, the influx of IoT devices, and the cybersecurity talent crunch.
2020 will see the enterprise demand greater cybersecurity interoperability and the means to ensure visibility, intelligence, conditional access and faster threat response.
Zero Trust goes from “nice to have” to “must have”
This past year’s publicity of nearly 4,000 data breaches and the leakage of billions of records helped to spur adoption of the Zero Trust model at more progressive IT organizations. In 2020, a greater number of organizations across industries will migrate controls to align with Zero Trust.
As workforce mobility and data center-to-cloud migration continue to accelerate, organizations across a broader maturity spectrum will be forced to adopt the Zero Trust principle of conditional access, which is based on user, device and security posture authentication and on application infrastructure verification. Those that do not will face more frequent exploits and data leakage.
Security tools will continue to consolidate
Each year, more and more security technologies are introduced, leaving security architects and network managers forced to assess, manage and juggle a bunch of new security tools. It’s a circular paradigm of exploring new tools to suit new threats or business needs.
For example, it’s not unusual for an organization to have a multitude of different gateways to protect different applications. The effort and complexity involved for a security admin in managing all these different proxies is high, and it exposes organizations to visibility and control gaps in what already amounts to a large attack surface.
I see this in access security, where control creep and cumbersome audits have become the norm. In 2020, we will see increased enterprise demand for security orchestration capabilities, not only to improve threat prevention, resource microsegmentation and incident response, but to better assure access visibility and governance.
Workforce Mobility and BYOD will become the attack vector of choice
Workforce mobility and bring your own device (BYOD) are being championed by all organizations to be competitive. They are also making mobile devices and applications a lucrative attack vector. Corporate-issued computing devices are no longer being used solely for work, and users are undoubtedly connecting these devices to insecure networks and web destinations without knowing it.
In many companies, users no longer have designated “work” or “personal” computers and are increasingly bringing their mobile devices, and even smart watches and personal Wi-Fi, onto company networks. Organizations need to abandon the belief that everything inside the perimeter is secure. Unfortunately, it’s much easier to phish users on mobile applications and infect laptops than to attempt brute-force attacks on systems at the network periphery. As a result, the industry has witnessed an increase in malware attacks and data breaches.
In 2020, organizations need to stop differentiating between remote and local users and instead apply the same security postures and compliance checks to all users. Vigilant user awareness and endpoint compliance will become a new focal point in every organization.
Continued adoption of AI for cybersecurity threat response and risk mitigation
65% of enterprise cybersecurity teams aren’t using automation to manage their environments. Given the increasingly complex nature of the digital ecosystem, this will change in 2020 as AI and ML technologies for automated cybersecurity response and risk mitigation continue to evolve.
Furthering this trend is a better understanding of how AI and ML can be deployed in the cyber threat prevention space without creating false positives. There is currently a knowledge gap among many security experts about how AI approaches work, what sources they should be pulling ML information from, and how they can be effectively applied.
Moreover, if AI is used for automation, it may also be exploited. Can you imagine the operational chaos and regulatory implications that would occur if an AI solution were compromised and used against an organization or individual? Companies must fully examine AI or ML technologies to make informed decisions on their use. They must know what defenses and guardrails are available and how to respond should an issue arise.
Regulatory requirements catch up to reduce IoT and IIoT device security exposure
After years of haplessly watching technology race ahead of regulation, governments around the world have started to enact regulations to protect consumers and mitigate security risk. A big focus for 2020 will be the increase in regulatory requirements around IoT and IIoT devices as they proliferate in corporate networks and OT systems.
It is one thing to see home video security systems compromised; it is another when corporate HVAC or even lighting systems are exposed. When organizations do not know where a device is on their network, or who it is communicating with, that poses severe risks. And, as more organizations adopt IoT and IIoT devices in the workforce, there need to be security policies and controls in place.
In the United States, much of this regulatory reform has been spearheaded by the state of California, which recently passed SB-327, the first law to cover IoT devices. It will take effect January 1, 2020, and regulators around the world will certainly be watching to see how effective the legislation is at minimizing security risks from IoT devices. Since regulatory laws often have a cascading effect, we can certainly expect to see similar bills appearing across the country and eventually at a federal and even global level.
As enterprises adopt mechanisms that enable digital transformation – like workforce mobility, IT consumerization and cloud computing – they must also manage growing cyber threats and data breach risks.
In 2020, cyber threats will continue to advance in sophistication and enterprises will remain vulnerable as attack vectors grow. The enterprise must seek greater cybersecurity interoperability to guarantee the visibility, intelligence, conditional access and faster threat response necessary to mitigate cyber risk in today’s advanced threat landscape.