It is fair to say that 2020 was the longest, shortest year. Until March, it was pretty much busy as usual. The next two months, however, were a blur as businesses shifted to being truly dispersed, literally, and the rush of companies to cover their security needs for their severely displaced workforce began.

Risk analyses and landscapes were redrawn, quick wins for security were the order of the day. Those more agile companies adapted quicker and the stampede to the cloud really came into its element. Can you imagine if there were no cloud services during this pandemic?

The evolution of security to the cloud has, in no doubt, been happening for a while now. However, 55% of UK respondents to a recent survey said they have increased their cloud adoption as a direct result of COVID-19. Those that did have some sort of a cloud security strategy did well in Stage 1: The Panic, the rush to cover remote working. Over the months (which seemed to drag endlessly) we noticed organisations moving to cover key security concerns. Then came Stage 2: Consolidation, quick security wins moved towards compliance, governance, and risk aversion, the ‘new-norm’.

All these activities centred around 3 core pillars: People, Resilience, and Location Independence. Heading into 2021, I expect these to remain in the centre.

Looking to 2021, where are the key IT security trends likely to be coming from? Well, the pandemic has provided two things:

1. The need to be more agile with infrastructure, and
2. The need to address the significant increase of IT security that comes with that agility.

Talking to businesses and listening on the grapevine, there are some IT security areas that I think are going to be core areas for the IT Security Sector in 2021.

Locations and Platform Agnostic

The need for flexibility is key and having services delivered from the cloud, through a browser provide a crucial capability to access tools and operations wherever the user or services may be. Encapsulating this with encryption goes a long way to providing a robust, flexible solution. Security solutions that can address a companies’ criteria need to be able to offer this agility. Remote deployment, management and reporting outside of the core network is a must.

Cloud Service Bonanza

Having finally broken the cloud service seal, 2021 will see the continued drive into Security as a Service (SECaaS). Many companies I have spoken to are looking at cloud services for pretty much any requirement that is coming from the business, whether this is IT Security or not. IT skills are hard to come by and they are expensive. Managed Service Providers (MSPs) will continue to establish themselves as the go-to people, the providers of services more than just product. Reputable service providers can offer companies dedicated solutions that address these needs.

Portals are Back

Given the dispersed nature of the architecture now, whether it is internal or external to your organisation, a resource can be brought together through a portal and displayed in a single user interface. This is driving businesses to security technologies such as:

• Identity & Access Management – IAM (portals for users)
• Multi-Factor Authentication – MFA (verifying those users into portals)
• Privileged Access Management – PAM (IAM for privileged accounts with more bells and whistles)

Zero Trust Approach

Given the dispersed environment an administrator needs to protect, a Zero Trust approach becomes far more important. It doesn’t matter if a person or device is part of the company, they must still prove who they are, through various criteria before they can be authenticated and authorised to access resources.

Again, as DevOps build more technologies that ‘talk’ to each other, without the need for humans, to speed up business processes and build business intelligence, the greater the need for this zero trust approach.

Passwordless Authentication

With the agile workforce there needs to be a smarter way to identify a person, their role, their location and ultimately their access. Next Gen MFA solutions are looking to move beyond the traditional password authentication process, using intelligence to enhance the verification of a person or account, with adaptive or biometric measures.

Cloud Security Posture Management (CSPM)

As mentioned previously, the resources that people or processes are trying to access and where it is located has become increasingly complex. DevOps building business intelligence and linking IaaS, PaaS, and SaaS components together, can lead to misconfigured solutions, gaps, or vulnerabilities in services they are providing to their users. CSPM looks to address this constantly changing, automated and complex environment with its own automated solution that identifies, alerts, and offers remediation.

Endpoint Management

One of the biggest areas of interest to Hackers now are all those that work from home, no longer behind secure walls, who mix normal household activities with that of work. For administrators, the requirement is to not only support their own network but also making sure everyone else’s is working too. Being able to manage (monitor and report) those endpoints and the security solutions placed on them is key. Secure access solutions (SASE) will be another area where we expect to see significant growth during 2021. As the intelligence of the threats grow, so does the need for the intelligence used at the endpoint to protect the user.

This blog post is part one of a two-part blog series. If you’d like to read on and learn what key attack vectors you can expect to see in 2021, please click here.

About Simon

Simon King is the Head of Technical at Infinigate UK. Simon has brought 25+ years of security knowledge to Infinigate. He manages our Professional Services team, oversees Customer Support, and is the ISO for the Infinigate Group.

To stay up-to-date with our latest blog posts or company news, follow us on Twitter and LinkedIn.