http://www.digitaljournal.com/business/2020-security-predictions-that-every-enterprise-needs-to-note/article/563612

2020 security predictions that every enterprise needs to note Special

Posted Dec 15, 2019 by Tim Sandle
According to security experts at secure access provider Pulse Secure, 'Zero Trust' will continue to gain momentum and an increasing number of technologies will move towards security measures that adapt to the needs of the modern workforce.
Untitled
Andrew CABALLERO-REYNOLDS, AFP/File
As well as 'zero trust' being the buzz concept in cybersecurity, Pulse Secure foresees enterprises beginning to streamline security across the entire digital ecosystem. Also in 2020 there will be a pressing need to be proactive in the face of increased regulations.
To discover more, Digital Journal posed key cybersecurity question to Sudhakar Ramakrishna, CEO at Pulse Secure; Prakash Mana, VP of Product; and Mike Riemer, Chief Security Architect.
Digital Journal: Will 2020 see Zero Trust move from being a “nice to have” to a “must have”?
Sudhakar Ramakrishna: “Zero Trust garnered a significant amount of attention in 2019 as companies at the cutting edge of enterprise technology began adopting it. In 2020, organizations at all levels of digitization will convert to Zero Trust frameworks as the threat landscape diversifies. As remote work and hybrid IT models become increasingly common, organizations across all industries will adopt Zero Trust in order to better manage user access and data. With hybrid IT adoption comes an additional challenge: transition. Securing legacy systems while ensuring data is moved securely requires a complete understanding of the ecosystem, as well as the ability to translate different policies across shifting systems. By vetting every user and device before allowing them access, Zero Trust minimizes threats while ensuring nothing is lost in transition.”
DJ: To what extent will security tools continue to consolidate?
Ramakrishna: As more and more enterprise technologies have been introduced, security architects and managers have been forced to adopt and juggle an increasing number of security tools. There is a unique paradigm happening where customers and their vendors explore new products whenever the organization adds new use case, including Cloud infrastructure or SaaS applications. For example, it’s not unusual for an organization to have a multitude of different gateways to protect different applications. The amount of effort and the level of complexity for a security admin to manage all these different proxies is high, and it exposes organizations to visibility and controls gaps, as well as vulnerabilities due to a larger attack surface. In 2020, we will see increased enterprise demand for comprehensive security solutions to manage access across a company’s entire digital ecosystem – from mobile access, to cloud, to data centers and even IoT devices – on one unified platform.
DJ: Will BYOD increase the use of mobile platforms an attack vector?
Prakash Mana: The bring your own device (BYOD) trend being championed by the mobile and remote workforce is making mobile platforms a lucrative attack vector for fraudsters. It’s much easier to infect a mobile application and let it do your work than to attack a larger system – and the industry has witnessed an increase in malware attacks on internal networks vs. external networks as a result. This needs to be a strong focal point in every fraud prevention strategy for 2020.
As the BYOD trend continues to proliferate - and employees no longer have designated “work” or “personal” computers and are increasingly using mobile devices, and even smart watches, on company networks – organizations need to abandon the belief system that everything in the perimeter is secure. In 2020, organizations need to stop differentiating between remote and local users and instead apply the same security postures and compliance checks to all users. This will ensure it is the right user, using a clean device. Employing Zero Trust principles will help stop the dramatic increase in attacks on internal networks, while allowing companies to remain agile in digital transformation and future of work initiatives.”
DJ: Will we see a continued adoption of AI for cybersecurity threats?
Mike Riemer: “65 percent of enterprise cybersecurity teams aren’t using automation to manage their environments. And, given the increasing complex nature of the digital ecosystem, this will change in 2020 as AI and ML technologies for automated response to cybersecurity and risk mitigation continue to evolve.
Furthering this trend is a better understanding of how AI and ML can be deployed in the fraud prevention space without creating false positives and while ensuring the solution implemented is doing what it is supposed to do. There is currently a knowledge gap among many security experts with how these solutions work, what devices they should be pulling ML information from and how they can do it in a secure fashion. Any organization implementing an automated, intelligent solution in 2020 needs to first secure its infrastructure to ensure they aren’t exposing their company to new vulnerabilities.
Can you imagine the chaos and cascading security and regulatory implications that would occur if an AI solution was compromised and used against an organization? Companies must proactively defend their AI automation from attackers. If an organization is relying on AI or ML technologies to make intelligent decisions for them, they must know definitively that no one has tampered with it and that the information is accurate.
DJ: Will regulatory requirements catch up to reduce IoT and IIoT device security exposure?
Riemer: After years of haplessly watching technology race ahead of regulation, governments around the world have started to enact regulations to protect consumers and mitigate security risk. A big focus for 2020 will be the increase in regulatory requirements around IoT and IIOT devices as they proliferate in corporate networks and OT systems. When organizations do not know where a device is on their network, or who it is communicating with, that poses severe security risks. And, as more organizations adopt IoT and IIoT devices in the workforce, there need to be security policy and controls in place. In the United States, much of this regulatory reform has been spearheaded by the state of California, which recently passed SB-327, the first law to cover IoT devices.
It will take effect January 1, 2020, and regulators around the world will certainly be watching to see how effective the legislation is at minimizing security risks from IoT devices. Since the regulatory laws often have a cascading effect, we can certainly expect to see similar bills appearing across the country and eventually at a federal level. Organizations will need to make sure they, or any third-party security vendors, are compliant to protect IoT devices and the information they contain.”
DJ: Will consumers expect more in terms of security in cloud and SaaS?
Riemer: “Cloud is now the norm across a wide range of industries, as is SaaS. Traditionally, the response to adopting a new enterprise technology is to purchase new products to secure it. As the digital enterprise has become more complex, that model is simply not sustainable for stretched security personnel. Adding to this complexity are regulations like the GDPR, which introduced penalties for not adequately securing consumer data. In 2020, cloud and SaaS providers are working with security vendors to proactively secure cloud and hybrid environments, as well as secure SaaS products. As customers adopt Zero Trust policies, they will scrutinize any outside software for security flaws that could compromise their business, raising the industry standard for security in cloud and SaaS products.”
DJ: There's been talk of healthcare being particularly vulnerable to cybercrime. Is this correct?
Riemer:It is already well-understood that the healthcare industry struggles to secure its trove of sensitive data. But, even as widely discussed as this issue is, the healthcare industry has been slow to adopt effective security measures and quick to embrace an even greater influx of data during digital transformation efforts.
As healthcare continues to evolve towards the convenient, self-service model that today’s digital-first consumer demands, there will be serious security implications as companies try to control the release of data and information. For example, telemedicine is making patient care extremely convenient, but is the doctor-patient communication secured and encrypted? If not, anyone can intercept the data and communication in transit. How do you secure that information stored on the end-user’s phone? The security of any network is only as strong as the weakest link. In this service model, the end-point device is most likely to be compromised and healthcare organizations need to ensure they are meeting all the security and regulatory requirements.
Adding to the pressure is the looming threat of new patient data regulations, including a revamp to HIPAA that could always require that health data be accessible to patients. To deal with regulatory scrutiny, the healthcare industry will have to rapidly modernize cybersecurity practices with a Zero Trust model that can adapt to the flood of new data sources but also secure cloud and hybrid environments. Should the patient access data requirement pass, providers will also need to manage an influx of new access points and users.