What might 2021 bring in term of technology?
Community and market experts found consensus on a few areas. First, cloud security will dominate strategies and investments even more that it did during 2020, as organizations big and small go all in on digital transformation. And second, technologies once deemed “on the horizon” – think automation, 5G and even the much hyped artificial intelligence – will officially arrive.
As part of our year in review, which looked at critical events during the last year and how they might influence 2021, SC Media collected predictions across a range of categories from cybersecurity experts. Here we give you the tech roundup. Check back during the next couple of weeks to see community predictions for the threat landscape, strategic priorities, and privacy policy.
Tech Automated control testing improves audit efficiency, says Jon Siegler, chief product officer at LogicGate:
“While [Robotic process automation] has been more fruitful for [governance, risk management and compliance] than AI, there are new use cases for AI emerging. One in particular that many companies will begin looking to is AI for automated control testing. For various certifications of compliance like SOC 2 and FEDRAMP, companies must submit evidence to auditors proving that their controls are effective. This is traditionally a very tedious process that involves many people and a highly coordinated effort. AI will begin to help automate that evidence collection process, making it easier for organizations to keep up with reapplications for certifications.”
AI will play an increasing role into the future, says Hal Lonas, chief technology officer at Webroot:
“While the good guys are using AI to make the workforce more productive, the bad guys are finding AI’s weaknesses and exploiting them every chance they get. One example is the increasing sophistication of deep fake videos and images. There are also numerous fake posting bots “participating” on blogs and forums, that are sophisticated enough to push left-wing or right-wing agendas, based on their programming. We know there are foreign governments who experiment with these capabilities to change public opinion and nudge elections to suit their purposes.”
IT will infuse access governance with intelligence to protect workforce cybersecurity in 2021, says Eve Maler, CTO at ForgeRock:
“In 2021, we will see AI increasingly employed to enable an autonomous identity approach. AI-infused authentication and authorization solutions will be layered on top of, or integrated with, existing IGA solutions, providing contextual, enterprise-wide visibility by collecting and analyzing all identity data, and enabling insight into different risk levels of user access at scale. The use of AI will allow systems to identify and alert security and compliance teams about high-risk access or policy violations. Over time we will see these AI systems produce explainable results while increasing automation of some of the most difficult cybersecurity challenges inside the enterprise.”
2021 will mean maximizing the potential of 5G with edge technologies, says James Kretchmar, vice president CTO of Akamai Technologies Inc.:
“More 5G roll-outs next year means more devices connecting to the Internet at higher speeds. But faster connections alone don’t make for better performance. If content is positioned far from the mobile device, it still must traverse network after network across the Internet where each hop is a bottleneck that can become congested and ruin the user experience. One way to overcome this is to leverage edge technologies which bring the content close to the user, reducing the distance the data must travel. As such, edge technologies like CDNs will become even more essential in 2021.”
Finally, the year of cloud security arrives, says Gidi Cohen, CEO and co-founder of Skybox Security:
“Cloud security adoption has been limited as of late, but thanks to the mass migration spawned by COVID-19, companies had no other choice but to ‘leap before looking’ to the cloud to maintain business continuity and ensure survival. Expect to see a ‘more secure’ organization that typically favors the private cloud to move into the realm of public cloud. As a result, we will see faster adoption of cloud security technologies, as well as more engaged security teams – ones that take ownership. This will lead to better security posture management overall across the cloud, as well as on-premises, data centers and everything in between.”
Quantum computing will become the next WannaCry for malicious actors, says Gaurav Banga, CEO and founder of Balbix:
“Quantum computing is likely to become practical soon, with the capability to break many encryption algorithms. Organizations should plan to upgrade to TLS 1.3 and quantum-safe cryptographic ciphers soon. Big tech vendors Google and Microsoft will make updates to web browsers, but the server-side is for your organization to review and change. Kick off a Y2K like project to identify and fix your organizations encryption before it is too late.”
Automation continues to be a priority, but human context will be the key to security program management and success, says Florindo Gallicchio, managing director at NetSPI:
“By now, we all understand the value automation brings to any security tool. Yet, in 2021, the human element will be pushed to the forefront of security innovation, specifically for our intellect and ability to add context to security findings. Contextualizing security findings will be an invaluable tool to boost remediation efforts in the new year, as the number of vulnerabilities remains exponential and context is key to helping us prioritize.”
Addressing bias in AI algorithms will be a top priority, causing guidelines to be rolled out for machine learning support of ethnicity for facial recognition, says Robert Prigge, CEO of Jumio:
“Enterprises are becoming increasingly concerned about demographic bias in AI algorithms (race, age, gender) and its effect on their brand and potential to raise legal issues. Evaluating how vendors address demographic bias will become a top priority when selecting identity proofing solutions in 2021. Organizations will increasingly need to have clear answers to organizations who want to know how a vendor’s AI ‘black box’ was built, where the data originated from and how representative the training data is to the broader population being served.”
Governments will start to turn their regulatory eye to machine learning, hoping to mitigate the negative impact of its use, says Florian Douetteau, CEO at Dataiku:
“The European Union is leading the way with planned legislation to define the acceptable uses of various forms of AI. This is not necessarily about reducing use — for example, regulation may enable beneficial applications of facial recognition technology that are currently restricted by data privacy regulations. But what is clear is that businesses will have to take heed of yet more regulation when applying ML.”
Cloud-native security M&A on the horizon, says Alyssa Miller, cybersecurity advocate at Snyk:
“The market today is flooded with niche tools that serve a specific technology need. Starting in 2021, we will see an increase of M&A activity in the security industry aimed at unifying these point solutions to support an overarching cloud-native security portfolio. The companies who are best positioned for the future of cloud computing and security will be able to unite niche tools with the infrastructure and distribution of enterprise scale.”
Organizations will consolidate and integrate tools to achieve zero trust, says Jason Soroko, CTO of PKI at Sectigo:
“You can’t go out and buy DevOps or zero trust. They’re a set of principles, not a singular product. Technologies now are carefully crafted to align with these principles to meet zero trust architecture and DevOps/DevSecOps philosophies; however, in order to make the lives of customers easier, we’ll see a trend toward the integration of these tools. Companies will combine the principles and policies of each of these concepts to create one technology. Rather than piecing together solutions themselves and buying new products to cobble together, companies will create solutions that ultimately make their customers’ lives easier.”
We’ll continue to see amplified cloud and SaaS adoption as remote working drives new requirements for more digital services, better on-line experiences, and on-demand access to information, says Carolyn Crandall, chief security advocate and chief marketing officer at Attivo Networks:
“Hybrid cloud and multi-cloud requirements will drive a transformation of infrastructure and security best practices. There will be an increased need to extend and link governance across all environments and a need to have more standardization and security control around cloud identity and access management. This will include a wider adoption of cloud infrastructure entitlements management (CIEM), which will be required for managing and reducing risks related to identity and cloud access management.”
Realizing 5G comes from realizing test, says James Kimery, vice president of product management for connected devices at Spirent Communications:
“The role of test in 5G is essential. If you do not have a third-party arbiter, then interoperability is simply impossible – and interoperability is the key to opening up the 5G ecosystem in the new year. The cost of test will likely increase in 2021, and while this poses an opportunity for some companies to increase cost of delivery, there will be more options available than ever before. If organizations looking to implement test take their time assessing the options, they will see a benefit to the increasingly competitive market. Getting ahead of the testing trend, which I predict will become ingrained in even more compliance measures in the coming year, is key in realizing the promise of 5G, open RAN and related deployments.”
AI will gain momentum in cloud security and governance, says Keith Neilson, technical evangelist for CloudSphere:
“In 2021, AI will go far beyond simply detecting anomalies and thereby flagging potential threats to security teams. Cloud governance is an increasingly complex task and is quickly reaching a point where it’s impossible for humans to manage alone. AI will increasingly be relied on in the coming year to maintain cloud hygiene by streamlining workflows, managing changes and archiving. Once proper cloud hygiene is established and maintained with AI, it will also be used as a strategic predictive knowledge tool. By predicting and addressing threats and vulnerabilities, AI will help enterprises create the best possible outcome for their cloud environments. Leveraging AI as a strategic asset will empower CIOs to make informed decisions about their cloud environments, such as evaluating costs and compliance risks.”
There will be increased adoption of technology that capitalizes on artificial intelligence and machine learning to automate key security functions, says Rohini Kasturi, chief product officer at Pulse Secure:
“COVID-19 resulted in a massive, global shift to a remote workforce. However, next year we will enter a completely new normal when we start to see more workers return to the office while others, who are not yet able or willing to make the transition, remain home. This will result in a split that forces IT departments to handle the demands of both full-scale on-premise and full-scale remote access. The only way to be efficient in the new world of work will be to utilize solutions with automation capabilities instead of relying solely on in-house security teams.”
Service mesh vendor consolidation will start in 2021, says Liz Rice, VP of open source engineering at Aqua Security:
“Many organizations have been early adopters of service mesh technologies to automate and standardize functionality that would otherwise have to be implemented in application code. While particularly helpful for things like setting up observability and secure connections between components, most would agree there are now too many solutions in use. Organizations will rationalize their service mesh implementations, choosing those that give them what they need, and perform well, with a minimum of complexity.”
