Sign-up for the latest Lookout news and threat research
Nearly two years after we were forced to experiment with remote work, 2022 will be an inflection point for both threats and cybersecurity solutions. Tune into our annual predictions episode to hear what Lookout CTO of SASE Products Sundaram Lakshmanan thinks will happen next year. We'll be discussing everything from software supply chains to threat hunting and data protection.
Hank Schless 00:09
Hello everyone and happy holidays from us here at Endpoint Enigma. My name is Hank Schluss. And I'm your host. And continuing in our yearly tradition here at Lookout, we're gonna be reflecting on everything that happened in 2021, and also look ahead towards 2022. Joining me today to discuss this is my good friend and colleague Sundaram Lakshmanan. Sundaram is our CTO of SASE products here at Lookout and was the author of the 2022 predictions blog. So who better to have on an episode about this? Welcome back to the show, Sundaram.
Sundaram Lakshmanan 00:39
Thank you, Hank. The pleasure is mine. It's always a pleasure to join you on this.
Hank Schless 00:46
So, you know, before we dive into individual predictions here, I do want to get your thoughts on 2021. Some people are saying, let's throw this year in the bag and never remember it again –– kind of like we did for 2020. But this was year two of the pandemic-driven work-from-anywhere experience, what stood out over the course of this year in the context of what we do here?
Sundaram Lakshmanan 01:07
First and foremost, Hank, you know, it's time to celebrate, and not just for the holidays, but we successfully made it. And that's a big positive. I mean, pretty much all enterprises got a big jolt at the beginning of 2020, in the first year was brutal. But the second, and I think it's smoother, I feel we made it very well, right? I mean, a lot of the same technologies were used, like, for example, people put to use VPNs at large scale to enable all these remote workforces. And this also kind of kept up with the productivity, in fact, the productivity has gone up. That's what we are hearing from our customers. The second positive is, in all these things, we have learned a lot. This shock wave, and the repercussions of it is being felt at the board level. That's what we're hearing, be it in terms of budget, or be it in terms of security incidents. But overall, that big positive here is we made it we all made it together.
Hank Schless 02:04
So you mentioned some of the things, like people were using VPN, some of the more existing tools that were at their disposal. And I think also we saw people working from any device as well. And one thing that you and I have talked about is the timeline of all this, right? So this type of transformation takes a really long time, normally, to carry out. Did you see anything particularly interesting –– on kind of the timeline of all this as well?
Sundaram Lakshmanan 02:27
Absolutely, absolutely. I mean, these types of architectural changes would have easily taken anywhere from five years to 10 years to roll out in big organizations. But given what we were hit with, these companies and these big organizations, they have reacted very well. And Hank, well, one of the things we need to remind our audience about is these enterprises were already midway into their digital transformation. And now they were hit with this whole remote workforce forced by the pandemic but, unfortunately, it is with the existing tools. Because these enterprises did not have enough lead time to think through all the changes that they would have incorporated in this type of a transformation.
Hank Schless 03:08
Right. And it seems like it really brought security to the forefront of the conversation, too. And even if it was sort of this high pressure situation for a lot of teams, like you said –– really painful at first. But once everyone started figuring it out, it made people realize that modernizing their approach to security and sort of their OPSEC is something they really need to have top of mind for the next year as well and moving forward. So the title of your blog is “Work From Anywhere” –– marks the beginning of the end of on-premise security. That sounds dramatic. So you know, can you give us a summary at what makes those legacy security solutions no longer adequate? And why is now the beginning of the end of that prem approach to security?
Sundaram Lakshmanan 03:48
So at the beginning of the pandemic, when we started having conversations with these enterprises, many of them had to switch from, you know, fixed workplaces to remote workforce. And many of the organizations wanted to jump in right away with their VPN solutions. That was kind of one of the indicators that organizations were forced into this situation. And when they started using it, we started learning a lot. One is how these on-premise security technologies have created more siloed platforms in what was already a tough situation that they were all in. When all the data moved to the cloud, all the applications moved to the cloud. And when users started bringing any device, these on-prem security technologies and siloed security technologies were not giving the enterprises the full picture of what was happening to their data. And that was kind of a big learning curve. And it became apparent. They just wanted to get over with this and they are now taking the time to transition their technology security stack as well. And moving the security technologies to the cloud, and also looking for more integrated platforms, because the difference in depth when things were on prem behind their firewall is non-existent when it comes to the cloud and work-from-anywhere world. And this is where the enterprises have started thinking. And it's a clear indication. And we have seen these type of inflection points in the past for all these on-prem security technologies, which are siloed, and which take a lot of manpower to integrate, and all those things.
Hank Schless 05:25
Yeah, it's important to ground these types of things. In those types of conversations that gets… Especially these days, it's so easy to point at one thing and say, that's gonna be the next big thing. But unless you have the context in the understanding, and the ability to really pull on those types of conversations, that doesn't really hold much water. So, understanding that you're pulling these predictions, not just from your own expertise, but also from what people are seeing on those front lines is really key, I think for something like this. And in the blog, you break down these trends into two categories. And the first sections are about challenges that organizations are going to be faced with in 2022. So let's start here for this next little section, you reference interconnectivity and remote work as to things that are going to really amplify what security gaps may already exist. So what do you mean by that? Take us through your thought process on that.
Sundaram Lakshmanan 06:14
Yeah, definitely. So see, here's the thing, right? Like when things were on prem, these applications were built independently, and then forcefully integrated through standards and whatnot, right? And the data movement was always controlled, regulated, and people could see it happen, people still had full control over all those moments. But as things transformed to the cloud, the enterprise owns very little of the stack; they don't own the application stack, they don't own the hardware, they don't own the software, or the servers running them. And also, you should look at the ease of interconnectivity. I can now for, example, take a Salesforce. And there is an app exchange platform on which there are thousands of other applications that can easily connect with Salesforce within a few clicks. Right? They enable so much productivity and so many workflows. And it's true with ServiceNow, too, with Office 65. Though with Google Workspace, now you see a pattern emerging, all the stacks operating outside the enterprise; they are interconnecting at faster and faster pace. And enterprises have no visibility or control over the data movement, right? That's one example. The other one, which we already know, which is basically people bringing in any device and accessing anything in the cloud. And this really helped the productivity. But at the same time, we have to look at where the enterprises come from within their compliance and regulatory frameworks and the challenges that they are facing. And with all these connectivities, what's happening is the data moves so much freely, so easily. And the enterprises have no visibility or control into that. And that's kind of my first prediction, because that's creating a blind spot, right? The second blind spot that the enterprises are just waking up to is the user errors and unintentional errors. I mean, you have heard how many times there are open shares and folders in the cloud. People are misconfigured; these are very environmental errors. I mean, this could be one of us doing it –– right? –– like it's not somebody's doing it intentionally; the experts do make mistakes, right? And these type of things, when things were within the firewall, these were harder to exploit. But now that it's in the cloud, there is nothing that is between the user and the cloud, or a hacker in the cloud. And this is where these things get exposed so much. And the data loss can be immensely filed by the enterprises. So these are two big things: I'm in the cloud; while it brings, as we all love, the productivity, it also opens up to many vectors that the enterprises do not have any visibility or control over.
Hank Schless 08:50
Right, I think that's really the key there, right? Not just differentiating between what's good and bad with activity, but having the context of who's doing it, how they're doing it, what they're trying to access, all that sort of stuff. It's so important.
Sundaram Lakshmanan 09:02
This is where you know that these blind spots, and these new use cases and new workflows have left enterprises unarmed in front of this whole offense. And this is where the current set of tools that are still sitting on prem or sitting in silos in different vendors and different stacks. It's not helping these enterprises to take the control back.
Hank Schless 09:24
So that kind of covers that first section there of predictions. So what about the trends because I like how you also put together the actions that organizations will be taking or will need to take in order to combat these evolving threats. If I'm reading it right, you're saying that while cloud dependency will amplify security gaps, the idea of integrated and cloud delivered security will also be how enterprises will combat these challenges and particularly as it relates to two things which I thought were really interesting use cases. The first one being threat hunting. And the second one being data loss prevention or DLP. So why… And I think this ties to the beginning of the end topic: Why do organizations need to make that shift from on prem to cloud delivered, especially in the context of those two really important capabilities with threat hunting and DLP?
Sundaram Lakshmanan 10:16
So just for the same reasons why the enterprises started moving their applications to the cloud, the same business sense makes sense here to to move the security technologies to the cloud. There is unlimited storage, unlimited compute power –– right? –– and the elasticity, the ease of management, all these things apply to the security technologies, too. And the security technologies being on prem, they're actually holding the enterprises back. But now moving the security technologies to the cloud, the enterprises are more in control, they are not worried about operationalizing the security technologies, they are more focused on using these technologies. They don't have to worry about the hardware, the software, the storage and availability, and all those things. The second important point is now these security technologies are so very well integrated. And there are some evolving platforms that offer all these technologies in full, seamless, integrated platforms like SSE security services edge or secure access service edge. And what this means to the enterprises that are leveraging them is it kind of solves a very important problem in security today, which is security actually breaks through the weakest link in the chain, which has been these integrations on the cracks on the silos. And with having an integrated platform. Now the enterprises have full visibility, full control all in one place. And now they can focus more on protecting their assets. So this is where the first trend that we are seeing is in the threat hunting, detection and response. Because with these massive data sets and massive volume of data that's being gathered by all these platforms, and siloed technologies, in whatever sense, all these things are kind of now normalized, correlated. And you know, these platforms apply AI and ML to learn all these different threads. And enterprises are able to remediate faster and react faster to these attacks, right at the same speed that attackers are able to unleash. And that is the first trend we are seeing: This convergence it’s allowing to happen in the cloud. The second is DLP. The DLP used to be a very siloed technology. Its importance was known but was never felt at scale. The DLP really is kind of a looking loss, letting us see really what's transpiring. And this is where the DLP is now going to become front and center because it's all about the data, at the end of the day, for enterprises. And there is no better technology than a DLP to tell you, you know, whether something is sensitive or not, and what sort of data is going in and out of your enterprises, and what our users are doing with the data. It's all about the data. And that's what DLP is becoming front and center. And it's getting its second life. And it's getting reinvented very differently. And it's also another trend that we are seeing, that this is becoming a center of pretty much all the conversations. Whether it's a zero trust conversation or the conversation is about regulation, meeting compliance standards, or whatnot, it comes back to data leak prevention.
Hank Schless 13:24
So the last thing that I want to touch on here before we wrap up is something that you mentioned briefly, is that term that Gartner coined a couple of years ago, which is SASE, the Secure Access Service Edge. And this has become really popular, it's become the way people are thinking about things. To wrap up our episodes, I think it'd be really valuable if you could tell us a little bit about why SASE is so critical to the future, and also why you think organizations need to really take it seriously looking into ‘22 and having it as a cornerstone part of their strategy moving forward even further just next year.
Sundaram Lakshmanan 13:59
This is kind of, you know, if you look at how, you know, we go through our day-to-day life, we use our devices to access, let's say, our email in the cloud, which is Office 65. Or it could be a CRM, Salesforce, or your Workday HR systems –– right? –– alll these applications. And then we use the same device to browse the internet. And guess what, when you're browsing the internet, you are most vulnerable. You could get breached or your data can leak back to the internet. And then using the same device, we access the private applications, the enterprise applications that are running in our own cloud infrastructure or in our data center. So now you see, in the traditional world, each of these access points was secured by a different set of technologies layered together to solve different problems. For example, when you're accessing a SaaS application, your cloud access security broker will be the technology to settle common security or access. When you're browsing the internet, it used to be the secure web gateway or the proxy gateways that come and secure the end users accessing these internet assets. And then when you're accessing your private applications, it used to be the VPN to secure your access. And then you would layer on other technologies like DLP and evan malware screening and things like that. Now, guess what? When everything has moved to the cloud, when the users have left your enterprise, all these technologies are only hampering the productivity, and are actually creating more blind spots. And this is where industry strengths started, I would say, well over like four or five years ago, which kind of peaked last year with Gartner identifying this trend and calling it as the cure access service edge, which is basically bringing all the security services to the edge to secure any type of access from any type of device. And that's where this powerful platform is being operationalized. Now, there are a few vendors that are kind of stitching together the solutions. But with this type of technology, the enterprises do not have to worry about 10 different security technologies that they have to be put together to solve these access problems. They can get it all in one place in one seamless delivered technology. And that is as easy for the enterprises.
Hank Schless 16:20
Very well put my friend. So thank you so much for joining us, as always, and I look forward to the next time that we have you on here on Endpoint Engima.
Sundaram Lakshmanan 16:30
Excellent. And thank you very much for having me, Hank. The pleasure.
Hank Schless 16:34
Absolutely. So to read Sundaram’s 2022 predictions in its entirety, please go to lookout.com/blog. And for the latest in security, you can also follow us on LinkedIn and Twitter, @Lookout. So this wraps it up for 2021 for us here at Lookout. Thank you all for tuning in. Hope you have a safe and joyous new year and we will see you next time. Thanks so much.