Assess and improve your security posture in 2022
Organizations are faced with a surge of cyber threats that are becoming increasingly sophisticated. We have experienced some major changes in the last few years, especially regarding the workforce. Companies have moved to hybrid and remote environments, thus making it more difficult to establish concrete workplace boundaries for companies and their employees. The hybrid world is creating new opportunities for bad actors and increasing challenges for IT teams. The pandemic changed the way we work, the interaction space we have and the environments in which we work.
The key for any organization to stay ahead of adversaries is to improve its security posture.
An assessment of their security posture is critical for organizations to take note of their existing assets, realize their current risk exposure and defend their IT systems. This may include maintaining a catalog of their cloud and hybrid inventory, infrastructure discovery and security measures.
In light of the benefits, here are the main trends for 2022 which will shape the need to improve the organization’s security posture:
Hybrid environment and multi-cloud management
Since most organizations are already using at least two cloud providers, multi-cloud management has emerged as the latest trend. With that in mind, security posture solutions with extensive hybrid and multi-cloud capabilities will soon become the norm.
In complex organizational environments, it is no longer sufficient to protect just the boundary of an organization. To go beyond perimeter security, every access to an organization should answer three questions:
- Who are you?
- What do you need to do?
- How much do I trust you right now?
Answering these three simple questions can help organizations push the boundaries of collaboration outside the perimeter, assuring strong posture management at the same time.
Security posture will be more and more about analytics. Security analytics will make all the difference, using AI/ML to provide a different perspective on the different aspects of security posture and enable the organization to take immediate and/or proactive decisions.
Shift towards edge
As mentioned above, multi-cloud is the first step, but governance of access rights across the entire stack will be critical. Secure access service edge (SASE) helps identify individuals and devices, apply policy-based security, and provide secure access to the relevant application or data. This method enables businesses to implement secure access, regardless of where their users, apps or devices are. According to Gartner, “By 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.” This will force posture management solutions to provide monitoring of every device and to become a single pane of glass — a unified management console or dashboard — to detect any security drift.
It is a popular term that encompasses three main aspects:
- Log all traffic and analyze the collected logs for insights
- Allow only known traffic or known application communications
- Use the principle of least-privileged access
This will impact cloud posture management tools by enforcing compliance and regulations across the stack, as well as identifying and solving overprivileged users and identities.
This type of collaborative encryption addresses privacy and data protection in a highly distributed world. Confidential computing is a new method of encrypting workloads while they are processed. It restricts access and ensures 360-degree data security by utilizing trusted execution environments (TEEs) to preserve data and code confidentiality. It also allows data encryption to be performed in memory without exposing cloud data to the entire system.
This is another trend which will reduce the security team’s workload by automating security events. Approaches like extended detection and response (XDR) enable an enterprise to go beyond typical detective controls by providing a simpler, holistic view of threats across the entire technology landscape. XDR delivers real-time information about threats to business operations needed for better and faster outcomes.
The final general trend in posture management is simplification of the tools used in the organization’s landscape. Gartner’s 2020 CISO Effectiveness Survey revealed that:
- 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio
- 12% have 46 or more tools
When you have too many security vendors, you end up with more complicated security operations and more security personnel. Most companies look to vendor consolidation to improve security, with 80% of them having previously achieved it or being interested in doing so. As a response to this initiative, large security vendors have started to provide better-integrated products.
As a leading provider of digital transformation, Atos is the right partner for organizations looking for security control. We believe security should be available at your fingertips to help you protect what you value most — your data.
About the author
Global Cloud Security Architect
Experienced architect working in presales and delivery in front of customer, counting over 14 years in IT industry, Elena is ambitious and diligent with a drive for perpetuating Atos’ mission and values. She is Azure Cloud and Oracle Cloud Professional Architect certified, TOGAF 9 Certified, and condensed MBA graduate working for different customers around EMEA, across several industries.