Over the course of the past year, the world has witnessed an unprecedented reliance on technology. Digital transformation proliferated across industries, necessitated by the need to remain connected and maintain productivity during the COVID-19 pandemic. As a result, organizations saw a significant uptick in cyberthreats. Successful hacks like the SolarWinds incident have demonstrated the widespread ramifications of cyberattacks.
Now, tools tasked to defend against cyber threats have been propelled to the top of organizations’ 2021 priorities. Accordingly, increased investment in zero trust, data security, and pervasive defense-in-depth technology will be the focus of cybersecurity improvements in the coming year.
Zero Trust as an Arbiter
While zero trust is a hot topic in the cybersecurity industry, many companies have felt that they lacked the ability to apply zero trust principles to their own operations. Even so, given the changing threat landscape in 2021, companies are moving forward with zero trust and looking to combine it with improvements to operational convenience and efficiency.
Zero trust uses identities and credentials to secure environments, granting authorization to a limited set of tightly defined interactions. This in turn prevents hackers from launching attacks through a network-zone or other broad access permissions.
Particularly in the remote work environment, zero trust identity and access management (IAM) solutions enabling granular access control will be required. Unmanaged device passwords and basic network segmentation, while necessary, will no longer suffice. Instead, companies are moving to harden IAM tools with zero-trust architectures, which use identity as the perimeter rather than automatically assuming trust for any entity that gains network access.
In the last two years, attacks on industrial control systems and operational technology more broadly have increased by 2000%. Using sophisticated technology, today’s malware is capable of bypassing traditional safeguards with wormlike penetration––spreading across IT, OT, and cloud environments. Zero trust blocks cyber intrusion, requiring both authentication and authorization for every digital interaction. Some cybersecurity tools even allow for precise control over session time and specific access to individual topics and data values.
Similarly, a zero-trust approach ensures that partners and customers across supply chains can rely on accurate, authentic data. A great example is during custody transfer. When a product changes hands across the supply chain, it’s crucial that both parties involved can trust that the data readings are authentic and authorized. In a remote setting, where it's no longer possible to physically verify authorized entities, the importance of confidence in digital data is only amplified.
Data Security Will Take on a New Role
Partners and customers rely on cross-organization collaboration to maintain accurate and efficient operations. Therefore, the authenticity, integrity, and privacy of data and access to it remain paramount. This means that the data’s origin must be verifiable, its contents tamperproof, and access must be authorized. In 2021, it is crucial for organizations to make necessary improvements to their data security practices in order to maintain secure operations and even open up new opportunities for revenue, sustainability, efficiency, and technical innovation.
Complex in nature, OT environments are often geographically distributed and can span a number of participating parties. Thus, the structure of these complex systems complicates data security as multiple companies, users, machines, apps, etc. require access to the same information. One example of this would be in transactive energy scenarios where a utility company, private energy producer, and end-customer are each involved. In this case, each party requires specific access and control over a certain subset of the data. Likewise, vaccine supply chains rely heavily on the accuracy and authenticity of data like temperature readings and count totals. Mistaken or fraudulent readings might not just result in miscalculations and financial losses but could lead to faulty vaccine administration. A more dynamic approach to data security is needed to ensure that every involved party maintains secure access and control over their data, and so that their interactions can be verified, logged, and audited.
To accomplish this, data transfer mechanisms must be capable of proving that data has not been read or tampered with by unauthorized entities and validate the authenticity of the data’s origin. They have to be able to provide the necessary trust for organizations to operate internally and across supply chains without second-guessing the authenticity, integrity, and privacy of the data they rely on. Doing so enables them to perform with increased accuracy and transparency, which may open doors to untapped cost-efficiency and speed.
Distributed Security Enforcement for Distributed Operations
As workforces become more and more geographically dispersed, their cybersecurity practices require a distributed approach that is capable of scaling without sacrificing security and management. And because today’s business models are often data-driven, they will require a distributed cybersecurity architecture that enables reliable data sharing across the entirety of their operations – IT, OT, and cloud. To reach the full potential of remote work and sufficiently safeguard against the routine threats in today’s cyber-environment, 2021 will see increased usage of distributed ledger technology (DLT) to serve as the foundation to their digital transformation, ensuring that there is no “single point to hack” in their security architectures.
Unlike traditional architectures, DLT grows stronger with each entity it adds. Already utilized by critical infrastructure across the world, more and more organizations are turning to it because of its flexible, scalable, and highly customizable capabilities. Underpinning capabilities like IAM, multifactor authentication (MFA), and more, DLT provides companies with granular control over their assets and users and their data. And because DLT is consensus-based, it grows stronger as its environment expands, meaning that the largest operations become the most cyber-hardened.
Furthermore, DLT allows for increased trust among partners as it provides an irrefutable record––preserving data integrity and enforcing protocols across the entirety of operations. By digitally signing a unique key to data as it’s produced (which is then shared via the DLT) the origin of the data is also guaranteed. And by enforcing identity access management policies, organizations can ensure that only trusted entities have the right access to the right data. Extremely difficult to hack, DLT ensures that access and controls are authentic, and all changes are authorized. Doing so provides for trusted collaboration among partners and customers––sparing costly audits, disputes over questionable data, supply chain disruption, data compromise, and more.
The Landscape Ahead
While companies pivoted to meet the demands of 2020’s remote work environment, the impact will long outlast the COVID-19 pandemic. Organizations learned about their ability to not only survive but thrive in a remote environment. At the same time, remote work highlighted a number of vulnerabilities and ushered in new cyber threats – more sophisticated and prolific than ever before. In the year 2021 and beyond, the focus on cybersecurity will not wane but instead focus on eliminating single points of attack and introducing new opportunities for revenue, sustainability, and collaboration to transform cybersecurity as a costly necessity into a business enabler.
About the author:Duncan Greatwood is the CEO of Xage Security. Most recently, he was an executive at Apple, helping to lead a number of Apple's search-technology projects and products. Prior to Apple, Duncan was CEO of Topsy Labs, the leader in social media search and analytics acquired by Apple in 2013. Prior to Topsy, he was the founder and CEO of PostPath Inc., the email, collaboration and security company acquired by Cisco in 2008. Previously, Duncan held Vice President roles in Marketing, Corporate Development and Sales at Virata/GlobespanVirata/Conexant, as well as earlier engineering and product marketing positions at Madge Networks. Duncan brings a blend of sales, marketing, operations, technology, and human experience to the task of driving growth at Xage Security. Duncan holds a B.A. (Mathematics) and M.Sc. (Computer Science) from Oxford University and an M.B.A. from London Business School.
