Features, Insight, Opinion

IT security predictions for 2023

By Anudeep Parhar, Chief Operating Officer of Digital, Entrust

  • Organisations are turning to automation, vendor consolidation and cloud marketplaces to simplify managing multi-cloud environments.
    • Whether people realise it or not, we spend the majority of our time in the cloud.
    • Managing and tracking everything across multiple cloud environments makes proper management and cost control very complex. Do you even know all of the workloads, VMs, containers, keys, crypto you have? What clouds it is located in? Who has access to it? Are lifecycle management policies in place across data, employees and departments? Do you have a handle on what is stored where? Do you have a handle on your overall costs?
    • Automation – The IT sector continues to experience a skills and resources gap. And, as enterprises add more cloud environments, compliance becomes a challenge. Automation can help manage users, machines applications and data across these cloud environments more efficiently and cost-effectively.
    • Vendor consolidation – Business leaders are looking at using as few vendors as possible to simplify vendor management and mitigate costs.  There is some great data from Gartner’s 2021 IT Security trends on number of security vendors at the average organisation, and the desire to consolidate. A 2022 Gartner survey of CISOs found 75% are pursuing a vendor consolidation strategy, up from 29% in 2020. (Note, if we use this particular stat, we will have to ask permission, which could take time. This is for reference only at this point.)
    • Cloud marketplaces – This is the consumerisation of IT. People want to shop for cloud solutions much like they do in their personal lives because they are looking to speed up and simplify the buying journey.
  • Digital payments will become the norm
    • The global transformation of banking and payments has only accelerated over the past few years, and between web trends and a global pandemic, the industry has seen disruption from all angles. Contactless payment methods have become a go-to payment method for consumers around the globe.
    • In 2023, consumer banking will be all about digital interactions first, but this digital experience needs to have security at its foundation. ‘The Great Payment’s Campaign’, a recent global study by Entrust, revealed that 94% of respondents in UAE and 91% of respondents in KSA said they were concerned about the potential of banking or credit fraud as banking and credit become more digital.
    • Consumers will require flexible, convenient, and secure payment methods, and the demands for security will only grow from here.
  • Trusted Identity will make the Metaverse and Web3
    • Web3 and the metaverse are inseparably linked to each other, and both are still in their early stages of development. As the technology behind them continues to grow in scale, governments are taking the opportunity to develop their own metaverse economies, and this will become more mainstream in 2023.
    • For example, the city of Dubai has already announced their Dubai Metaverse strategy, with the aim of turning Dubai into one of the world’s top 10 metaverse economies as well as a global hub for the metaverse community. It also promotes Dubai’s ambitions to support more than 40,000 virtual jobs by 2030.
    • In 2023 Trusted Identity will be at the core of making this goal a reality. While the Metaverse can pose huge potential for privacy violations and data breaches that can compromise an individual’s personally identifiable information (PII), decentralised identity will play a key role in ensuring its safety.
    • With more companies hopping on the Metaverse and Web3 in 2023, decentralised identity will enable digital identities for individuals and corporations without handing over control of their data to third parties. Users will have control of their identities and can enter different worlds in the metaverse and interact with various companies or entities by establishing trust using verifiable credentials to prove their identity without handing over personal data.
  • Organisations and governments will acknowledge the need for post-quantum readiness and start to prepare.
    • Quantum computers pose an inevitable threat to digital security. We are about to enter an era where the available computing power can and will break conventional cryptography.
    • The migration to quantum-safe algorithms is much more involved than one might think and will take years to achieve. This will take detailed and careful work that is time consuming and requires specific skills. And, with the skills and resources challenge in the tech and cybersecurity space, this will be tricky to navigate for organisations.
    • Threat actors are harvesting data today to decrypt later, organisations should be working today to adopt quantum-safe protocols to ensure they can’t. You don’t want to be left behind when the first report comes out that RSA 2048 has broken.
    • We are now seeing multiple sources − including Gartner, the NIST/DHS reference model, McKinsey − making the call for organisations to migrate to quantum-safe algorithms immediately.
    • Mastercard has already announced it has launched a contactless card for the quantum computing era.
  • An organisation’s security posture will become a board-level priority.
    • It’s not just the IT team that needs to be aware of and involved in enterprise security posture anymore. As the threat landscape grows and continues to evolve, boards are increasingly concerned and want to hold leadership accountable for the security of sensitive data. Business leaders now understand that it’s not IF, but WHEN an attack takes place so they want to be as prepared as possible.
    • C-suite performance and compensation will become tied to cyber risk profile regardless of functional domain.
    • Increasingly CISO/CIO is an integral part/leader of strategic decision-making process.
  • Technology buying groups will look different.
    • Key decision makers and influencers are changing. Those involved in buying decisions to secure core business/enterprise infrastructure is expanding and shifting from what would have been considered the traditional key decision makers.  Most of these buying groups will avoid engaging with a vendor until they already know that vendor has a solution that meets their requirements.
    • This is one reason we are seeing an emergence of the Chief Risk Officer buyer persona.
Previous ArticleNext Article


The free newsletter covering the top industry headlines