Cybersecurity: 7 trends for 2021 to help companies meet their business challenges

Nowadays, in every organization, each experience, be it as a customer, an employee or a user, has a digital component. All these experiences have an impact on customer perception. With the Covid-19 crisis and the obligation of physical distancing, it was necessary to deploy telework to guarantee business continuity. A very large number of interactions have become virtual and in 2020, digital transformation accelerated. These transformations will continue, and organizations will now have to structure what they have been able to undertake in a hurry. The challenge is to guarantee employees efficient and secure access to their workplace, whatever the context of use.

Zero trust, the reference model for information system security

We are experiencing a radical change in the world of networks and access security. Organizations are moving from a “network-centric” architecture to a ” user-centric” and “application-centric” architecture. Before, we used to think: “inside, safe; outside, dangerous”. Now, you can no longer distinguish between inside and outside, and organizations no longer have a security perimeter. They can no longer trust by default. Hence the emergence of the “zero trust” approach, which consists of testing the level of trust at each interaction.

The identity is the new security perimeter for organizations.

It is the identity of the person and the applications they use that must determine the scope of what they can do, because the security of the network can be compromised if the devices connecting to it are not maintained by the organization and are not “trusted”. It is therefore necessary to consider, as precisely as possible, the authorizations that allow access to “applications”, based on functional, temporal, and context-related criteria. For example, access to certain features can be restricted if it is considered that the user is accessing the application from a “riskier context”.

The user, “the first rampart”

With the increasing digitalization of interactions, the challenge for organizations is to improve the workplace experience. The aim is to enable employees, whether they are mobile, teleworking or on-call, to carry out all their tasks as if they were at the office, with the same levels of performance, ergonomics, and security – which must be as transparent and as non-restrictive as possible. When it comes to authentication, the login/password tandem is a nightmare for users and CISOs. Transparent, natural and continuous authentication must make users’ lives and experience easier and allow them to be the first actors in their cybersecurity.

The cloud will protect the cloud

The information system of organizations is now split into various services and resources, some operated by the organization itself and others operated by third parties. It is now common to use Cloud services to secure access to these information systems. As these have become “hybrid”, with components deployed in the organization’s data centers and third-party cloud services, it is also natural that cloud services for securing access be also “hybrid”. In a world where everything is moving to the cloud, it is normal that the cloud secures the cloud.

SASE: a paradigm shift

The fragmentation of the network into software services brings with it a new set of hybrid secure access technologies and services (partly in data centers operated by the enterprise, partly in data centers operated by cloud service providers), including the “Secure Access Service Edge” or “SASE”. This is the convergence between network management technologies and network and access security technologies. On the one hand, users (“workforces”) are “anywhere” and must find the access point closest to their location; on the other hand, applications (“workloads”) are “anywhere” and their services must only be accessible by authorized people. It is necessary to have a central and local control of security policies, both on the user side and on the application side.

Artificial Intelligence and Machine Learning to fight against frauds

Today, very concrete applications of Artificial Intelligence allow to detect, among an ever-increasing volume of data, the weak signals of an abnormal situation. Machine learning of user behaviors allows to detect very quickly malevolence or negligence: a left-handed person who uses the mouse and keyboard as a right-handed person, a network administrator who tries to administer databases, etc. By implementing these technologies, organizations will therefore be able to anticipate and eradicate any fraud even before it becomes effective.

Hyper-automation at the service of cybersecurity

The increasing use of Artificial Intelligence and machine learning increases the need for hyper-automation: the growing volume of data and the increasing volume of processing this data generates a growing need for automation of the AI/ML engineering chain. The self-service experience of cloud services, the elasticity of the cloud, the need for speed (or even instantaneity) of users: all this contributes to the automation of all deployment and update tasks, and to the so-called “software defined …” or “as code” approaches.