As seen in betanews
By Eric Bostick, NWN Carousel CTO
Over the last 18 months, the world has changed which has impacted everyone personally and in the workplace. Businesses now have to adopt more flexible, work-from-anywhere strategies. This has increased the potential for security attacks that IT and Operations Teams need to defend against with the majority of employees remotely connecting to critical business systems.
With more companies embracing cloud communications and enabling employees to connect from a myriad of devices using a plethora of business applications, the opportunity for bad actors to compromise critical systems has expanded and security can no longer be an afterthought. It has to be included in the overall company strategy. Here’s what we foresee on the horizon for infrastructure security in 2022.
Security will shift from point solutions to a platform-centric architecture
In 2021, the World Economic Forum named cybersecurity as a threat potentially greater to society than terrorism. As businesses build more tightly integrated cloud native applications, they need to proactively manage — and effectively mitigate — any vulnerabilities.
The threat landscape increased drastically as the world shifted to a distributed workforce. Employees around the globe began connecting to business networks from a variety of unsanctioned endpoints. But perhaps the greatest irony is that many of the technologies that were reactively purchased actually provided redundant capabilities to existing technologies in the environment; organizations are essentially paying for the same service from multiple vendors without knowing.
Effective security strategies are no longer about the network infrastructure; but rather extending the strategy to the endpoints and users. This could require enhancing infrastructure and implementing more control enforcement solutions on the endpoints. Businesses need to take a long lens approach to security to project future business outcomes and really understand the required capabilities from a tech perspective.
With so much uncertainty, businesses want to be able to rely on effective security solutions. Taking a platform approach to security is helping companies rationalize their security architecture and secure communications company-wide, while optimizing their security investments. We expect to see organizations move away from reactive point security products, shifting their focus to a proactive security architecture strategy. This will undoubtedly include a goal to reduce the number of security vendors that organizations implement and, therefore, allow for more efficient security management.
Cybersecurity will be scrutinized at the highest level of the organization going forward.
The past year has proven that security is inherently complex and all IT infrastructure should be inherently ‘Secure by Design’. In 2022, forward-thinking enterprises will ensure their tech stack includes security risk assessments, supply chain planning and business continuity management. Organizations will reassess their overall IT strategy focusing on how to better plan for a hybrid work model and the adoption of more Software-as-a-Service (SaaS) solutions.
As organizations adopt a hybrid work model, security controls that were traditionally on premise need to shift to the endpoint which makes the security architecture even more difficult to manage and maintain. Further refinement and adoption of industry frameworks and methodologies will be a priority, such as:
- Zero Trust Security Architecture (ZTSA)
- Secure Access Services Edge (SASE)
- Extended Detection and Response (XDR)
While companies recognize the need to rationalize the number of security vendors they implement and manage, many have already reactively jumped on some bandwagons and bought into the hype around poorly defined industry trends. They have purchased new point products to mitigate apparent short term risks, which drives up operational costs and reduces overall effectiveness of a poorly integrated security architecture.
Unfortunately, those companies will have to rethink their approach because we anticipate there will be stricter government regulated security oversight, which will hold organizations accountable for breaches and compromises. Insurance companies will likely also have more stringent prerequisites for cybersecurity thresholds moving forward.
SASE is making security and ops teams rethink the traditional models
Traditional technology and infrastructure that doesn’t have the capacity or scalability to support a seamless end-user experience (whether using home, work or public internet) has been a real struggle for many organizations in the new ‘Hybrid Work’ model. In the coming year, Customers are looking to cloud service providers to deliver secure, managed, as-a-service platforms that provide consistency in the end user experience.
Poor application user experiences have led to workplace dissatisfaction and reduced productivity. Disparate technologies have caused operational inefficiencies leading to IT teams spending a majority of the time fighting fires instead of proactively supporting the business.
In 2022, the focus will be on with the integration of a hybrid architecture providing visibility into the user experience and application performance, shifting away from the traditional LAN/WAN architecture. Monitoring of performance availability of systems and applications will give way to the use of more synthetic transactions measuring all aspects of the user experience.
Scalability in the IT platform and applications will also be a shift in focal point. Burst capacity consumption will need to be based upon seasonal needs.
Attention will be on SASE infrastructure. SASE allows for the merging of wide area networking and security technologies through cloud services to connect users and apps, regardless of location or architecture. As 2022 plays out, we will see SASE become the predominant infrastructure for forward-thinking businesses.
Image credit: Narith Thongphasuk38 / Shutterstock
Eric Bostick is Chief Technology Officer at NWN Carousel, an integrated cloud communications service provider