Security in 2023: 6 trends for IT leaders

Here’s a New Year’s resolution you’ll never hear: “Don’t fix IT security!”

Of course, maybe an over-the-top vendor or three could use that kind of energy to make their rankings available, but sensible IT professionals know that’s an unrealistic scenario. There will always be cybersecurity threats and risks. That is true this year, next year, and – unless all people quickly remove and return to the life of farmers, hunters – forever.

That’s because IT systems and professionals are failing, all the time. But there will probably be a brutal system and experts who want to use the truth all the time.

So it’s a new year – hello, 2023 – but IT security is neither a new nor a passing concern. He is severe anxiety; Threats and attackers are constantly changing, even if some of the basics (like sharing or managing credentials across multiple accounts) remain the same. hold on.

In that busy environment, here are six trends IT leaders will be paying attention to in 2023.

1. Supply chain security is still key – but the work is just getting started

The word “standard” sometimes suggests “new,” but in IT security it seems to indicate long-term — if not permanent — change. Exhibit A: Software chain protection. It is a hot security topic in 2022 and even before that. It will be the focus of 2023.

Today’s software supply chains are as diverse as ever – software is often built from other software – so ensuring the security of those supply chains will need to be a long-term commitment.

What could be new in 2023? Although people often talk a lot about infrastructure security, they have not supported the issue during the budget period.

Gordon Haff, technology evangelist at Red Hat, said, “Red Hat’s latest Global Tech Outlook report shows that software security remains a low-cost security priority among decision makers. IT.” “This shows that a good New Year’s resolution for many companies is to create a good strategy for dealing with supply chain security if they have not already done so.”

Silver lining: For many companies, this may not require an investment in capital expenditure – it’s a matter of leadership involvement, planning and process improvement.

“This may not require a lot of money, but it does require a plan and a strategy to mitigate the risk going forward,” Haff says.

And expect growing demand for Kubernetes security as a foundation for broader software delivery capabilities.

Also Read :  Clip of 'Heartbroken' Dog Grieving Death of Brother Has Internet in Tears

Alex Meijer, head of infrastructure at Corsha, told us recently, “There will be more emphasis on the security of Kubernetes. Meijer expects to see an increase in things like image signing bag and confirmation.

[ Also read Kubernetes in 2023: 7 predictions for IT leaders. ]

A member of Meijer, equipment engineer Robert Batson, also sees promise in emerging tools – Batson pointed to the acceptance control from Sigstore as an example – that “extends the supply chain and clusters that accept these applications. [and] will join the list of tools we use in footwear to address issues such as visibility and safety in the traditional sense.”

2. Big year for the NIST Cybersecurity Framework

There is no doubt that security officials are already familiar with the US government’s NIST Cybersecurity Framework, a set of standards and public practices for managing cybersecurity risks and promoting organizational security. But that doesn’t mean employers follow suit, especially if their company or business doesn’t require it.

Cam Roberson, vice president at Beachhead Solutions, expects 2023 to be a big year for interest in the use of the NIST system — even if it’s not mandated.

“Many companies are realizing that even if they are not necessarily NIST-compliant, the system still provides comprehensive security guidance and best practices that apply to many government-required projects (such as CMMC or DFARS) and other companies. Specific laws (HIPAA and similar) where businesses must see ongoing compliance,” said Roberson.

Groups and organizations are initially focused on where to start – security is a big challenge going forward – and how to model will find some kind of methodology in a model like NIST.

“Five ‘core’ services in more than 100 subcategories provided by NIST go into how CIOs, CISOs, and security professionals can identify and identify threats, then respond and recover from them as they arise. important,” says Roberson.

“NIST will continue to emerge in 2023 as the industry standard — perhaps becoming the de facto standard — that businesses can base their security plans against.”

The same can be true for other existing standards and tools, such as the CIS Kubernetes Benchmark or the MITER ATT&CK Framework.

Roberson thinks the NIST Framework could be the go-to in 2023 because of its depth and breadth.

Roberson says, “The risk of breaches and compliance gaps is very high, and NIST will continue to emerge in 2023 as an industry standard – perhaps becoming the standard of truth – that businesses can support. their defense against,” Roberson says. “We’re going to see a lot of other companies making efforts to get NIST accreditation.”

Also Read :  The constant is change | MIT Technology Review

3. As mobile computing grows, so does the need for face protection

As new (or new) IT paradigms become common – the cloud is one of the most popular examples of the last decade or so – the preservation of the paradigm is inevitable is also important. (See also: clouds, again.)

With the system of computing and radars – or working – of many IT leaders in the coming year, front protection is almost certain to give more attention.

Like the cloud before it, edge computing is not “more secure” than the embedded version – it introduces new or different risks and challenges.

As Jeremy Linden, director of product management at Asimily, told us last year: “Edge computing can create more complexity, which can make securing the whole process more difficult. Regardless of which That said, there is nothing less secure about desktop computers.”

Instead, front-end security must require the same thing every IT security department needs: proper planning and prioritization. 2023 will be an important year for setting the foundation.

Also, check out our recent round-up – 11 resources to boost your dating journey in 2023 – to give your future plans a boost.

4. The same applies to AI / ML projects

In a simple sense, you can replace the above “node” with “AI / ML” to show the same principle: As other companies run (and others) models of ML and other models of AI in production, those projects will include juicier (and juicier) targets for cyber attackers. AI/ML is a trending trend; AI //ML security is lacking, but that should change next year.

Christopher “Tito” Sestito, founder and CEO of HiddenLayer, specifically expects CISOs and other IT leaders to spread the Zero Trust framework and implement its principles and practices for AI/ML.

“2022 is the year to increase government oversight of AI/ML security and to facilitate ML attacks from automated weapons,” says Sestito. “The result will be what CISOs need to protect their AI/ML”

Sestito adds that tools like the MITER Adversarial Threat Landscape for Artificial Intelligence (ATLAS) framework “will help CISOs and their teams quickly assess and implement the required security controls that are directly connected to their existing zero-trust systems.”

Also Read :  AI solution improves machine utilization, product quality, energy efficiency

5. It’s 2023: Do you (yet) know where your security vendors are?

We are all about IT and IT leaders, not stock market forecasts or economic analysis. But if you check any financial news site or feed at any time, the headlines haven’t been all roses lately.

In the big picture, there is a general understanding that 2023 could bring consolidation and change in the technology industry.

“Many market watchers believe that 2023 will see a flurry of technology vendors with no viable plans for revenue,” Haff says. “IT decision makers need to consider whether their vendors have a strong market position.”

That’s true in general but especially in the IT security sector, where the vendor market has expanded significantly in recent years, especially in the cloud/cloud space.

“This certainly includes a security gap that has seen an explosion of startups doing cloud security in many cases in unprofessional ways,” Haff says.

Vendor management is part of every IT leader’s job; in 2023 it may be worth looking at the portfolio, especially when it comes to security devices.

6. Safeguards are more efficient at operating their own pipelines

The lack of IT security – often the gold medalist in any broader discussion about the challenges of adopting and using technology – is an old story.

What’s happening lately is that IT leaders and organizations are no longer just waiting for someone else to solve the problem. They invest in their own security pipeline and ensure they reach the target audience.

Sestito says, “We foresee a continued focus by organizations that are effective in transforming cyber workers through targeted programs and organizations that don’t.” example,” says Sestito. “These organizations understand that their ability to grow markets, solve complex challenges, and attract and retain customers depends on having a diverse workforce around the world, and they will invest in vice versa.”

Sestito said this is not a time-bound process, either. Of course expanding the cybersecurity talent pool is a long-term strategy, not something that is paid lip service to.

“This is not a one-year HR plan,” Sestito said. “Instead, this is a cultural change that requires years of attention and commitment.”

[ New research from Harvard Business Review Analytic Services identifies four focus areas for CIOs as they seek more flexibility, resilience, and momentum for digital transformation. Download the report now. ]

Source

Leave a Reply

Your email address will not be published.

Related Articles

Back to top button