At the beginning of 2022, we predicted five trends would shape the cybersecurity landscape, referencing topics ranging from Zero Trust to tech literacy. Jason Floyd, Ascent’s CIO, gave his perspective in January of 2022. Today, we’re reflecting on the past year’s trends to see how close we got.
Prediction 1: Zero Trust will reorganize IT teams
The 2022 Reality:
The Zero Trust phenomenon has overtaken cybersecurity, from full-service providers to niche vendor solutions. We’ve watched sellers and buyers give countless definitions of what Zero Trust is, but we took a step back and asked what Zero Trust isn’t.
It’s not software to buy or a marketing schtick. Zero Trust is a strategic framework requiring collaboration across IT teams – security, infrastructure, GRC, and identity security – to view their environment through a risk lens. In fact, Zero Trust has influenced every part of corporate organizations, reorganizing operations through technology-focused change management. We’ve worked with clients to increase employee productivity, decrease user friction, and solidify secure process design.
The collaboration Zero Trust requires has reorganized IT teams, acting as informal cross training, encouraging each IT team member to think through the security and business implications of each process and platform enabling business as usual.
Zero Trust has also reorganized IT priorities. Through partner relationships and countless client engagements, we’ve observed that best practices essential to identity security have incentivized the creation of security-centric software and a preference for best-in-platform over best-in-suite requests from CIOs, CTOs, and CISOs.
Prediction 2: Security teams will need to return to the foundations of risk documentation
The 2022 Reality:
The recession hasn’t bypassed the rapidly growing cyber industry. More and more clients and connections in IT leadership realize finance teams map budget priority through cyber data. Those detailed alert patterns captured through classic risk documentation translate to the information executives need for IT budget prioritization.
Zero Trust’s implicit tactical connection between poor identity security and social engineering underlines each employee’s responsibility to follow basic cyber disciplines. Holistic security throughout an organization’s infrastructure reduces revenue loss.
We’ve watched clients whose risk-based approach gathers SOC threat intel, filtered to their business’s demographic, use it to shape and prioritize technology investments. Through that data, IT can mitigate the threats most likely to affect their business.
Prediction 3: Security technologists will need software development skills to be tech-literate
The 2022 Reality:
SecOps has always been essential to cybersecurity, but we’re thrilled developers are getting a moment in the spotlight. The growing cyber gap continues to emphasize the need for adaptable experts. Those builders need a framework. It’s more essential than ever for developers to architect each custom approach around security best practices.
Breaches like Uber this year and previous ones like Log4j and SolarWinds show the power to customize and hard-code software is a blessing and a curse. Endpoint security in the digital age should aim to log and prevent any opportunities for a breach.
Our clients often engage us because their firm isn’t seeing a value return from previous IT investment. In many cases, the technology implemented needs further adaptation to fit the client’s needs. We’re continuing to watch (and answer!) the demand for customized, user-friendly solutions maximizing a client environment’s potential.
Prediction 4: SOAR will refine and elevate SIEM process and tactics
The 2022 Reality:
Like Zero Trust, there’s a lot of buzz around the term “modern SOC.” We believe a modern SOC isn’t run by a big-brain AI but by intelligent humans developing a process around automated technology, often called SOAR. Increasingly, our clients are requesting more bang for their buck, specifically by offloading repetitive alert triage to automated processes and instead assigning SOC members to collaborative but focused red, blue, purple, and green (adversary, defenders, SecOps, and DevOps) teams.
We’re hugely optimistic about SOAR processes spreading past the SOC, elevating an organization’s GRC, HR processes like onboarding and offboarding, data capture and storage, and many other operational systems.
Within concentric circles of internal threat intelligence, internal operational data, and external threat data, we’re watching SIEM process encourage Zero Trust architecture by leveraging MITRE ATT&CK threat intel to shape security-informed best practices.
Prediction 5: SASE will define all network security investments
The 2022 Reality:
Just like baseball, it’s hard to bat 1.000, but we were close on this prediction. Secure Access Service Edge (SASE) is a specific type of technology governing identity access across an organization. While we’ve seen fewer implementations of this specific product within our client network, we have watched the priority on Zero Trust Network Access (ZTNA) rise.
ZTNA strategy implemented in an organization enables secure access regardless of geographic location, eliminating the need for VPNs and reducing the probability of an unverified user breaching an organization.
At a broader level, SASE is a facet of the Zero Trust fundamentals undeniably reordering the security landscape. From policy to remote work, our clients’ budget priorities have shifted to include technology equipping their greatest security strength and weakness: employees.
As we wrap up 2022, we’re gathering five more cyber trends for 2023. Follow Ascent Solutions on LinkedIn for updates and watch for our newest predictions on January 3, 2023. If you are interested in partnering with our experts, reach out to email@example.com for more information.