Predictions 2022: Work-from-anywhere Marks the Beginning of the End of On-premises Security

December 7, 2021

A decade ago, many were reluctant to move to the cloud. Many felt like they would have to relinquish controls they had within their perimeters. That sentiment has since reversed, and organizations have become more comfortable with cloud technology. The newest concern is about corporate data leaving the cloud, especially as employees expect to work from anywhere. Software-as-a-service (SaaS) applications have enabled people to stay productive from anywhere, but have also amplified security gaps.

As we march towards the new year, I expect these challenges, whether they are related to data security or software vulnerabilities, will continue to intensify. At the same time, security technologies will converge in the cloud to deliver threat hunting and data protection in integrated solutions to combat these evolving threats.

I believe that in 2022 we will see the beginning of the end of on-premises security tools, as isolated, point solutions running in data centers. Just as you wouldn’t bring a sword to a gunfight, organizations need to transition to integrated cloud-delivered solutions to tackle emerging threats.

Threat predictions: increased interconnectivity and remote work will exacerbate security gaps

Before the pandemic, organizations were already relying on cloud apps and services to streamline operations and boost productivity — a process that accelerated dramatically in 2020. But this increased connectivity has created new challenges. The speed at which apps are updated and how effortlessly users can share content will magnify security gaps in the software supply chain and data security.

1) Cloud connectivity and cloud-to-cloud connectivity will amplify supply-chain breaches

One area organizations need to continue to watch out for in 2022 is the software supply chain. We tend to think of cloud apps as disparate islands used as destinations by endpoints and end users to collect and process data. The reality is that these apps constantly communicate with different entities and systems like software-update infrastructure and with each other — interactions that are often not monitored.

In late 2020, the cybersecurity community uncovered one of the worst breaches in recent memory when the SolarWinds software-publishing infrastructure was infiltrated. More than 100 organizations, including nine U.S. federal agencies, were compromised by trojanized updates that opened backdoors to their infrastructure. This is a prime example of how a weak supply chain can be used to amplify an attack by taking advantage of cloud interconnectivity. Now that this attack vector has been proven successful, I expect copycats to follow suit in 2022.

In addition to SolarWinds-type attacks, I predict threat actors will look into exploiting another seldom-monitored area: cloud-to-cloud interaction. For example, it is very common for organizations to use HR software to capture an employee’s personal and financial information, which is then shared with a payroll system. Once apps are connected to each other, enterprises seldom monitor these automated workflows for changes in behavior. An attacker could exploit this implicit trust between systems to siphon off sensitive data without anyone noticing.

2) User error and account compromises to become more pronounced

One of the major advantages of SaaS apps is the ease with which we can collaborate with colleagues, customers and business partners. Using apps like Workday, Salesforce, Slack, Google Workspace or Microsoft 365, we can share content and collaborate with others with very little friction.

But this interconnectivity also significantly amplifies the impact of any user errors or attacks. Whether an employee accidentally shares a document with the wrong person or a compromised account extracts information, data now moves at lightning speed. As we head into 2022, with hybrid and remote work cemented as the new norm, I expect this to become an even bigger issue.

Security trends: bridging the security islands by integrating threat hunting and data protection delivered from the cloud

While the increased cloud connectivity will have negative ramifications, I expect organizations to keep pace by leveraging cloud-delivered cybersecurity solutions. Just as organizations have moved operations to the cloud, so should security solutions. Whether it’s threat hunting or data loss prevention (DLP) technologies, security teams need to take advantage of the storage and computing power of the cloud that enables at-scale intelligence.

1) Converging technologies to bring threat hunting to a new level

One of the steps organizations need to take to tackle evolving threats is to leverage threat hunting, also known as detection and response. The requirement for this is quickly becoming recognized, including by the U.S. government. I’m encouraged by the fact that the U.S. Office of Management and Budget (OMB) recently provided funding guidance for federal agencies to adopt detection and response capabilities.

To operationalize threat hunting in 2022, I expect organizations will look into integrated endpoint-to-cloud security solutions that are cloud-delivered. With everyone working from anywhere and using unmanaged devices and networks, there is an unprecedented number of entities and communications for security teams to track. When security technologies converge in the cloud, organizations can take advantage of storage and computing power that on-premises tools never had. Security teams can also leverage security insights in a single place, enabling them to proactively hunt for threats or conduct forensic investigations.

2) DLP to become center of cloud-delivered cybersecurity

DLP has traditionally been deployed as a standalone tool tethered to an enterprise’s perimeter data exchange points. This isn’t how things work anymore: data now flows freely between clouds, endpoints and other entities, not just those that are enterprise-managed but also those of partners and contractors. To regain control, organizations need full visibility into how their data is handled regardless of where the users are and what device and network they’re using.

In 2022, I predict that organizations will accelerate the move to cloud-delivered solutions in which data protection, inclusive of DLP and enterprise digital rights management (E-DRM), is at the heart. More and more enterprises will look for advanced DLP capabilities such as exact data match (EDM) and optical character recognition (OCR) to keep abreast of all the new workflows. Only by tapping into the scalability and power of the cloud can security solutions ensure that data is protected efficiently without hindering productivity.

Is 2022 the beginning of the end for on-premises security?

Nearly two years after most organizations were forced to experiment with remote work, 2022 will be an inflection point for both threats and cybersecurity solutions. With increased interconnectivity come heightened security gaps, such as software supply chain vulnerabilities and data leakage. But this also means an accelerated adoption of integrated, cloud-delivered security solutions that enable proactive threat hunting and advanced data protection.

On-premises security tools that are deployed in isolation are no longer enough, even for on-premises workloads. To tackle the ever-evolving challenges of a cloud-first world, organizations need to invest in an integrated platform that can secure their data from endpoint to cloud.

The threat landscape will continue to evolve in 2022. I encourage you to not bring a sword to this gunfight.

To learn more about how organizations should take advantage of the convergence of security technologies, download a complimentary copy of the “2021 Gartner Strategic Roadmap for SASE Convergence.”
