Last year was supposed to be a return to normal. But for security professionals, the uncertainties ballooned; one writer detailed the whirlwind – cyberattacks, virtual work, executive orders, cloud expansion – resulting in more intertwined IT ecosystems and vulnerabilities.
In 2022, enterprises will press deeper into unknowns.
To help you plan for — and respond to — this year’s identity and security trends, we’ve examined research and collected insights from Saviynt cybersecurity experts, system integrators, and technology providers. Contributors include Deloitte, KPMG, Simeio, and iC Consult.
For each trend, we’ve also assembled actionable steps your organization can take to prepare for success in the year ahead. We’ve published them in a comprehensive report, Identity and Security Trends & Predictions: 2022 and Beyond.
Here’s a quick summary of the ten trends we think will define cybersecurity in 2022:
The Colonial Pipeline attack in April 2021 was just the beginning. Armed with advanced methods like phishing, credential stuffing, and social engineering – and boosted by the promise of massive payouts – cyberattackers will continue to pursue high-value targets.
The cybersecurity mesh architecture (CSMA) amends the old view of protecting the IT perimeter with a more modular approach, allowing security leaders to apply dynamic policies with the identity fabric.
Last year, CSMA generated significant buzz. Is the approach sustainable or simply good in theory? Time will tell.
Last year, we predicted Zero Trust initiatives would increase as cyberattacks dismantled confidence in perimeter-based security and a “trust but verify” model for identity and access management. This year, we expect mass movement from framework acceptance to implementation.
As a principle, Zero Trust is widely accepted. In 2022, the hard work of operationalizing will begin.
In a recent survey of public cloud users, 81% of respondents said they are working with two or more providers. As multi-cloud adoption expands, we expect visibility, security, and governance issues to heighten.
We anticipate a growing appetite for a “homogenous” control plane experience given distinct control capabilities across cloud providers. Although a truly centralized management offering does not exist, platforms that offer unified, cloud-native security will be in demand.
Forrester recently posed an unsettling question: “Do you know how many software bots, physical robots, or internet of things (IoT) devices are connected to your network?”
Today, digital transformation campaigns spawn thousands or millions of new machine identities. Non-human tools boost productivity, but they also widen attack surfaces. Meanwhile, just 40% of CISOs and IT leaders say they have an enterprise-wide strategy to manage machine identities. Most have either no strategy (18%) or a limited strategy for specific applications or use cases (42%).
Machine identity growth is explosive – clearly, there is much management and governance work to be done.
Last year, more than 60% of data breaches involved stolen credentials. “Credentials are the skeleton key,” explains Gabe Bassett, senior information security data scientist for Verizon Security Research.
In 2022 and beyond, we expect security leaders to abandon both the “set it and forget it” mentality and the use of static passwords to grant sensitive access.
Despite remarkable technology advances within the cybersecurity industry, threat intelligence (TI) sharing remains mostly ad hoc – filled with blind spots, disunity, and delays. Dark Reading describes information sharing as a “critical aspect of any security strategy”; however, the fragmented nature of service providers often impedes enterprises’ ability to identify, validate, and respond to threats.
This year, we believe the corporate cybersecurity ecosystem will aggressively partner around shared intelligence. In particular, we expect movement beyond informal, peer-level relationships to deliver broader protections with scope, scale, and speed.
The historical arc of identity in technology is long but bends toward convergence. In 2022, the merging will intensify, creating new efficiencies. Enterprises will look for converged identity platforms — with identity governance, granular application access, cloud security, and privileged access capabilities — to draw the security perimeter at identity and boost risk awareness. Efforts will also target IoT/Bot governance and third-party access.
Recent examples of breaches involving third-party access are numerous. Last year, Morgan Stanley disclosed a data breach that affected a stock account maintenance vendor. In April, the hacker group ShinyHunters compromised a third-party warehouse, exposing over 56 million KYC data files from Upstox, India’s second-largest stockbroker.
As third-party-related incidents rise, we expect organizations to increase monitoring and assurance activities for this segment.
Fragmented identity, access, and authentication experiences introduce privacy challenges and exacerbate the proliferation of identity data stored across different sources. But the blockchain is changing things.
In the coming year and beyond, we foresee this technology going mainstream, and decentralized identity taking center stage as companies move away from rigid, centralized, and federated infrastructures.
Last year was a year of immense challenges. Still, companies proved resilient. They established new operating norms, supported dispersed staff, and navigated digital-first demand for products and services.
This year, security leaders face accelerating Zero Trust demands, competing transformation initiatives, coordinated cyberattacks, and unique access issues with the rise of machine identities. No roadmap through these challenges exists, but this report’s trend insights and guidance can be an ideal starting point.
Read the full report to learn our top strategies and recommendations for the year ahead. You can also attend our upcoming three-part webinar series to gather the latest best practices and define a stronger identity strategy with Saviynt.