As September winds down and 2020 has been a wild ride and we are looking for an end to the pandemic (hopefully). We thought it might be time to look at 2021 and see what the community thinks may happen.
@Caute_cautimand I would love to hear what folks think will be relevant to security and or privacy in the coming year and hopefully put together a blog on it.
So if you have thoughts, please let us know.
I do not share your optimism, I believe covid-19 will remain part of our lives in the following year as well.
With or without covid-19 I think that tele-working will become the new norm in most industries. companies will reduce physical presence and opt for remote working.
With remote work becoming the norm, we as security professionals will have to put a strong emphasis on how we educate end users to use their corporate resources, as well as how to detect malicious emails.
In Addition - I except endpoint security will be on the rise in the upcoming year, since many are working from home.
@rslade I personally disagree, we should be have more prepared and it should have been in our incident response playbooks and risk register. Not being prepared for the unknown is not good enough.
Sure there is plenty of lessons to be learnt from this, but being unprepared these days is really not acceptable.
I am going to disagree with remote working becoming the norm. I see it in the same light as outsourcing and offshoring. While there is the upfront benefit of cost savings from reduced office space they will be loosing more in productivity. While a person is in the office it is easy to get another opinion, bounce ideas off of each other, and just reduce stress from basic water cooler socializing. I believe that it is these factors that will pull things back into the office. People will also realize that working from home tends to be more stressful because we tend to feel we need to be more productive because we are at home. Whereas when we are in the office, well we are in the office no matter what we are doing.
I think recent events have forced a lot of places to embrace a lot of technology that has been around for some time but they just never wanted to be bothered, and I think now they have simply been forced to do what they should have been doing all along and embrace things.
Well, 2020 pointed out how utterly useless is is to speculate about the future. Go
ahead. Look back at all the “What will happen in 2020?” articles that were
written in December of 2019. If you can find a single one that says that we would
be facing a worldwide pandemic, and that a number of huge retail giants were going
to go belly up, I’ll eat my hat. As the man said, never make predictions about
anything that can be proved in your lifetime.
I disagree with you on this, the predictions may not have discussed a pandemic that caused a shift in the way that works worked, however many organizations have been discussing Pandemics and what would happen to their organizations for years.
Even the (ISC)2 board asked management to provide a plan that would handle this type of situation.
I believe these discussions is what has allowed so many organizations to maneuverer quickly and stay in business. You may find that some of the giants that went out of business were already in trouble and this was the last straw. A couple of brick and mortar stores that I used to shop in, have gone by the way side, however, I believe it was only a matter of time....since the times I was in the stores, you could have shot a canon and not hit anyone.....they were so empty.
A number of predictions did foresee an increase in remote working.
So not in agreement with your assessment but then that's probably why I live in the East (LOL)
I believe I agree, VPNs are the traditional approach to connecting to remote workers or WiFi systems.
With the advent of 5G high speed networks, and now Edge Computing via the ISPs, there is a lot more bandwidth available far higher than your traditional approaches.
Many people are turning towards Software Derived Networks (SDNs) and Web Applications using Internet or even private networks with segmentation, to provide organisations the flexibility towards communicating where you are securely and safely.
However, as many government agencies know this then opens up the issue of Shadow IT, and the lack of visibility within Cloud environments, which opens up a whole heap of risks and related threats to the organisations.
So when an organisation is attacked with due to a misconfiguration or releases data due to an insider moving their data from one cloud to another without their knowledge - it becomes a major concern. A lot of organisations do not know where their data is located, what controls and protection is placed around it or what users, applications, devices and network that need to be authorised to allow them to connect securely.
In mentioning VPNs you reminded me of a sore spot I have. One would think that using a VPN is a good thing because it help us be more secure, but I have seen so many sites that will either block a VPN connection or toss up tons of extra measures just because they detect your coming from a know VPN IP. These site are hindering more than they are helping. While I do understand that they probably are doing this with the idea that most of the time attackers much be using VPN it's a very poor security solution.
In not knowing where things are I believe that the push for remote working will force many more companies to adopt a zero trust model and increase monitoring. Too many companies have been putting just the minimum into IT to get things to work instead of spending the time and effect to have solution that real help their businesses get a head. I think that will be changing with them now being forced to look into the options in front of them.
Other things are thing about the drive for lower latency for industry systems, having the greater bandwidth more local to the point at which manufacturing is occurring, means a higher number of transactions and less cost, which is a benefit immediately - this is driven by 5G and Edge Computing, by device, edge and network. This also means a greater number of IoT devices will be used to generate more analytics, so more information is immediately available. Edge Computing means keeping your data closer to the source, where you actually need it rather than depending on multi-clouds or Hybrid cloud situations too.
This improves data security controls and also that of sovereignty of data too, less costs involved in using cloud providers, because the greater bandwidth with lower latency is far closer to the point of manufacturing,.
Also it means greater monitoring capabilities closer to Medical devices for medical practitioners, and maintainers of such important equipment.
Then add the movement towards fully automated vehicles, greater bandwidth and lower latency for the quadrillions of IoT devices built into these "Dinky " toys.
Roughly every twenty years, somebody in the business world comes up with a major new idea in corporate management. In the 1960s it was “Theory X and Theory Y.” In the 1980s it was “In search of Excellence.” Around 2000 it was “The Human Equation.” The idea is always the same idea: pay attention to your people. It is always a big hit because it works. It always get forgotten in about twenty years time because it is difficult to pay real attention to people. I suspect it is time for it to be “rediscovered” again. (My candidate for the next hit work on the topic is possibly “Survival of the Friendliest” by Hare and Woods.)