We live in a time of rapid IT transformation, from data technologies to the workplace. Among all these changes, here are some important trends to keep in mind.
1. Businesses Are Moving to the Cloud: Now IT Surveillance and Security Needs to Catch Up
Even before the pandemic, more companies were moving more of their IT assets and services to the cloud. The shift to a remote workforce in 2020 has only accelerated this trend. Companies realized they could retire old on-premises systems, modernize their IT infrastructure, and adopt a cloud-first architecture to better support remote employees at the same time.
In a 2020 Deloitte survey, 68% of CIOs ranked migrating to cloud or expanding private cloud services as their top IT priority, up 20% from the previous six months. According to the same survey, CIOs expected that between 2019 and 2021, on-premises workloads would drop by 41%.
Securing today’s new cloud-based perimeterless enterprise is one of the top security challenges for 2021 and beyond.
Enterprise IT teams need security, risk, compliance, and operational solutions that address cloud-based endpoints and traffic flows, asset configuration tasks, performance monitoring, capacity and other IT services needed for the cloud migration itself. When the business moves to the cloud, security and compliance must follow.
2. The new security model: from a castle and a moat to 10,000 castles
With the move to a remote workforce and cloud-based infrastructure comes a change in security models. For decades, IT security products and processes have been designed around a “castle and moat” model.
The place of work was the castle. Most of the IT operations related to the company took place inside the castle, on site. The castle was fortified with perimeter defenses such as firewalls and IDS systems. A DMZ network served as a moat, separating potentially hostile outsiders from assets inside the castle walls.
But when data and services migrate to the cloud and employees migrate to home offices, the “castle and moat” model breaks down. Today, every endpoint, whether it’s a cloud platform or an employee’s laptop, is effectively a new castle, a small storehouse of valuable assets outside the fortifications of the old castle. But old forms of attacks, such as phishing, port scans, and web-drive infections, still take place.
The end point is the new battlefield. IT organizations need new tools and strategies for visibility and defense; solutions capable of monitoring and managing thousands of small castles.
3. Artificial intelligence and machine learning need cybersecurity and data quality
Artificial intelligence (AI) and machine learning (ML) can help organizations improve their business operations and deliver new products and services. But if these technologies are mismanaged, they can become liabilities rather than assets.
Along with data teams, security teams must ensure that all stages of the AI/ML DevOps lifecycle run on secure, robust, and trusted platforms. Increasingly, the protection of these platforms is essential to protect intellectual property and the company’s competitive advantage.
AI and ML can be applied to cybersecurity and business operations. But AI and ML systems are only as effective as the quality of data fed into them. AI-based security systems should rely on reliable, real-time telemetry data that reflects the current state of endpoint security, rather than outdated data collected in batches on a daily, weekly basis or even monthly.
4. WFH shows how broken asset management workflows are
Even before the shift to a remote workforce, IT asset management was an overlooked discipline in many IT departments – an aspect of 21st century IT that too often relied on 20th century technologies and processes. such as spreadsheets and surveys.
Applying cloud technology and automation to asset management can give IT departments the accurate and comprehensive endpoint inventories they have lacked until now.
Some companies are making progress with modern asset management approaches. Laggards who stick with old technologies, including CMDBs that are too often incomplete or outdated, take big operational, financial, security, and compliance risks.
5. Swivel chair approaches to IT management can make IT teams dizzy
AI, ML, cloud, and now augmented reality and virtual reality: every major IT transformation seems to require a new set of IT tools. Struggling to keep up, IT departments can find themselves acquiring tools piecemeal and end up with a mix of overlapping capabilities and confusing, even redundant workflows. The proliferation of tools risks increasing IT training costs, overhead, and making IT organizations less efficient overall.
Whenever possible, IT organizations should adopt comprehensive platforms that include multiple tools cohesively combined. Standardization across these broad, feature-rich platforms simplifies training and operations themselves, and improves IT responsiveness even as IT technologies continue to evolve.
6. The Rise of Zero Trust Models for Securing Endpoints and Accounts
One of the most recent changes in enterprise IT involves security risks: 63% of cybersecurity experts reported an increase in threats since the start of the pandemic. With threats on the rise and endpoints more varied, distributed and vulnerable than ever before, it’s time to embrace a “Zero Trust” model for IT security.
This model assumes that no user from any endpoint in any location should be trusted by default. In a zero-trust environment, no one enters anywhere without authentication.
Zero Trust security means answering these questions in real time: Who is logging on? On which device? Is the device correctly configured? Does it belong to the company or to the employees? If it is the latter, does it have the right partitioning software to secure work-related activities while maintaining the privacy of personal data? Are the operating system and applications up to date? Are all the latest security patches installed? Is the terminal running unauthorized applications? Has it been used to access unauthorized websites?
In a rapidly changing IT world with thousands of “moatless castles” to protect, Zero Trust is the IT security strategy that makes sense on-premises, in the cloud, and at every remote site.
Learn how to answer fundamental questions about your environment with accurate, complete and up-to-date data on all endpoints, wherever they are.