While 2020 was an extremely difficult year for all of us, 2021 did not exactly bring the reprieve we were all hoping for. We experienced much-anticipated COVID-19 vaccine rollouts and numerous conversations around hybrid work policies. But we also experienced the Delta variant surge, reappearing lockdowns, ongoing supply chain problems, and extreme staffing shortages.
With a hopeful eye to 2022, we must think about our security efforts, continuing to combat ransomware and becoming more vigilant about protecting ourselves against cybercriminals.
Most of the top cybersecurity trends predicted for 2022 are derivatives of those seen in 2020 and 2021– managing security breaches and rebounding from the ongoing COVID-19 pandemic. Securing identities and access management only grows in importance to solve these challenges. The key is to be prepared for 2022. So, let’s take a look at some predictions from OneLogin’s security experts for the coming year and beyond:
OneLogin’s security experts
- Hybrid work in motion
- Vendor consolidation
- Proliferation of low-code and no-code platforms
- Ransomware attacks continue
- Identity security is a collection of technologies
- Increased Use of Identity Risk (Fraud Detection) Technology
- Passwordless in tandem with Zero Trust
- More groups to be monitored by privileged access management
Hybrid work in motion: While many of us thought we were going back to the office in Q3 of 2021, the Delta variant slowed that return and officially forced offices to develop a hybrid work policy. However, this undertaking requires IT and Security organizations to overhaul policies and tools to support and seamlessly enable remote work.
And that’s where cybersecurity mesh comes into play. Cybersecurity mesh is a modern, conceptual approach to security architecture that enables the distributed enterprise to deploy and extend security where it’s most needed.
Cybersecurity mesh extends to cover identities outside of the traditional security perimeter and create a holistic view of the organization. It also helps improve security for remote work. These demands will drive adoption in the next two years.
Vendor consolidation: Gartner’s 2020 CISO Effectiveness Survey found that 78 percent of CISOs have 16 or more tools in their cybersecurity vendor portfolio, and 12 percent have 46 or more. Because having too many security vendors results in complex security operations and increased security headcount, it is important to have less vendors and more consolidated solutions. Today’s customers want to buy a platform, but don’t want to buy point solutions due to integration challenges. Consequently, we expect fewer vendors in the market as a result.
The proliferation of low-code, no-code platforms: Simplification is one of the key driving factors in the cybersecurity space. As a result, it is important to build and implement new automated workflows from an identity lifecycle perspective and a security policy perspective. This is for the purpose of improving operations and enabling IT to build new workflows – without a heavy reliance on developer resources.
Ransomware attacks continue: According to Gartner, the percentage of nation states passing legislation to regulate ransomware payments, fines, and negotiations will rise to 30 percent by the end of 2025, compared to less than 1 percent in 2021. In addition to this much-needed legislation, solutions that provide preventative coverage on thwarting attacks are also vital. For example, multi-factor authentication (MFA) to secure access was named as a preventative measure by the White House mandate and is also a required prerequisite of cyber insurance policies and organizations hoping to seal off points of exposure.
Identity security is a collection of technologies: We are seeing numerous needs around supporting IT and security orchestration to help further automate processes and governance across different identities, privileges, and systems. As a result, it’s about managing all of these capabilities in a much more secure and unified way.
Increased Use of Identity Risk (Fraud Detection) Technology: Device-telemetry and third- party -intelligence will be important factors to consider and incorporate into your identity and access management (IAM) solution, which will help the experience for end-users. In the past few years, cybercriminals have evolved their tactics and strategies. For example, the SolarWinds attack made headlines at the end of 2020, which highlighted the danger of software supply chain attacks. Unfortunately, we expect these types of attacks to continue to be major threats in 2022, as companies and government agencies try to play catch up.
Passwordless in tandem with Zero Trust: There is no question that going passwordless and the concept of Zero Trust will continue as major trends in the next year. Passwordless helps make the implementation of Zero Trust more effective in achieving a layered approach to security. With passwordless, instead of organizations relying on a password as a form of verification, they rely on more secure means of authentication, such as biometrics and AI-powered verification. This authentication takes different contextual factors into account to automatically grant, verify, or deny access.
More groups to be monitored by privileged access management: In the privileged access management (PAM) space, we hear a great deal about least privilege access. The goal of the principle of least privilege access is to give the appropriate access needed to do one’s job – without giving keys to the entire house. By giving the appropriate level of access, organizations enable employees to complete their work without introducing more areas of potential exposure and risk.
In addition, organizations must shore up privileges to improve security posture, while also providing teams with the ability to balance the operational needs of the business, such as with the delegated admin tool.
Our world has clearly changed a great deal since early 2020. Not only have businesses been forced to adjust to numerous twists and turns, but they have had to adopt technologies that support a new type of workforce. OneLogin understands these technologies and can help you prepare for what’s on the horizon.
As we look toward 2022, organizations must address the challenges that come with the new normal of remote and hybrid work. In addition, identity management will become more cloud-based and will require a layered security approach, such as contextual access and passwordless. The solution lies in an identity-centric approach to security via a comprehensive platform that combines IAM + Identity Governance and Administration (IGA) + PAM.
The OneLogin IAM solution provides additional critical security capabilities as you migrate to the cloud, secure your hybrid workforce, and address the evolving threat landscape.