How we live and work changed dramatically in 2020. As a result, the way many of us manage and protect data in 2021 will be very different.
The massive switch to remote working has led to a huge increase in the use of Microsoft 365 and Google Workspace, among other applications and SaaS.
This seismic shift in collaborating and storing sensitive data has exacerbated the risks of widespread data loss.
At the very time businesses are preparing for an uncertain future, IT departments are facing an alarming number of internal and external threats.
This has prompted a greater awareness across industries for the need for third-party data protection technology.
Questions are being asked about whether the traditional on-prem approach for data protection remains fit for purpose, especially when employees are rarely onsite and the data is in the cloud.
With many organisations entering the new year on tighter budgets amid a pandemic-ailing economy, there is a real need to ensure all expenditure represents value for money.
Some businesses have been quick to adapt already. For others, 2021 is expected to usher in a transformational year for data management and protection.
The rush to set up employees’ home offices at the outset of the pandemic forced organisations to bring forward cloud-native application plans.
As a return to normality seems unlikely any time soon, many enterprises have decided to stick with remote working, if not forever then for the foreseeable future.
According to a survey of chief financial officers by market research firm Gartner, almost three-quarters of companies (74%) expect at least 5% or more of their former on-site employees to work from home on a permanent basis, while nearly a quarter of firms are planning to keep at least 20% of their workers out of the office post-pandemic.
What was supposed to be a temporary change in working arrangements has become the new normal for many organisations. Just 5% of IBM’s workforce currently work from the company’s offices.
Remote work has resulted in greater cloud usage. Many businesses will be moving more of their infrastructure to the cloud and having to deal with the security challenges that arise from a hybrid infrastructure.
That creates problems for companies that rely on perimeter and on-premises security software and appliances to keep their systems and data safe.
Six in 10 remote workers are using personal devices to carry out their work and almost all of those workers believe naively that their devices are secure.
Keeping everyone’s data protected is no easy task.
Here we look at the top 5 trends to watch out for in 2021 as organisations strive for smarter, safer and simpler ways to manage their data.
- As ransomware becomes an even bigger threat, the cloud will be critical to securing endpoints
When organisations are more vulnerable, cyber-criminals need little encouragement to capitalise.
As remote work disrupted and weakened security processes, the number of ransomware attacks increased – and there is no sign of any let-up.
The first half of 2020 saw an approximate 35% increase in total attack volume compared to the second half of 2019. No-one is safe, cyber criminals have even set their sights on life-saving vaccine supply chains.
The targeting of the most vulnerable victims, and tactics that make it more difficult to recover encrypted data will keep ransomware the most profitable “line of business” for cybercriminals in 2021 and the single biggest threat for all organisations.
It is impossible to know what the future will be like over the next 12 months, but we can be better prepared.
Michael Sentonas, chief technology officer at security services firm CrowdStrike, said: “It’s my feeling that after the pandemic has subsided, we are going to see a major shift in the workplace as more businesses turn to remote-friendly cultures.
“This shift will cause cloud and SaaS adoption to be more important than ever. The cloud will ultimately secure workloads regardless of where employees are located, which will be critical to secure endpoints now and moving into the future.
“With no sign of attacks slowing down, it’s more important now than ever for companies to be vigilant about their security posture and train employees on possible risks to protect and defend against rising threats.”
That means investing in people and technology to help stop attacks; and focusing on the basics – multi-factor authentication (MFA), regular application of security updates and especially comprehensive backup policies.
- Organisations will undergo a total reassessment of security strategies
Cloud is here to stay and employees are going to be hooked on collaboration tools that make their jobs easier and more productive.
However, attackers will focus on any resulting security weaknesses.
Protecting all endpoints is a major challenge, though, when they can be anywhere and on devices organisations don’t control.
Nation-state sponsored attacks are becoming more prevalent and keeping up with the increasing sophistication of organised cybercriminals, who are getting ever more resourceful, is a major issue.
The capability to adapt what may be a long-standing security infrastructure and ensure staff pivot quickly to meet new demands is crucial.
Security measures adopted on the assumption that remote working is only temporary must be revisited.
Many companies are incapable of locking down their employees’ laptops.
When the workforce is operating outside of any perimeter security that previously existed within an office space, an organisation will be left relying on:
- security built into the endpoint
- security awareness instilled in users
- forced connectivity back to the infrastructure via a VPN
Employees’ decisions to use unapproved cloud services for work, so-called shadow IT, add to the new vulnerability, while remote privileged users pose a further risk to network security.
If a ransomware attack cannot be prevented, recovering from it is absolutely paramount.
Without an isolated, up-to-date backup of data, IT systems have no previous working state to revert to.
Offsite, air-gapped backup will therefore be a top priority in 2021.
Cloud-based protection that guarantees recovery from ransomware attacks will be in huge demand, while the burden of managing manual, time-consuming backups will be consigned to the past.
Regardless of where the data is stored, organisations will demand instant data recovery. Even when structured and unstructured data is spread across fragmented silos.
A specialist cloud data management service typically means robust processes that offer vital protection from backups being deleted accidentally or intentionally by hackers or rogue employees.
Modern solutions now instantly restore individual files or whole systems, using user-driven recovery methods. Users and customers can access and work on priority data while the rest recovers in the background.
Software-only solutions (especially pertinent during the current climate) with military-grade encryption and full automation will become more and more popular.
- CISOs will face increased responsibility and demands
As cybercriminals aim to profit from disruption, Chief Information Security Officers should seize the chance to have a bigger role at executive level.
The pandemic has undoubtedly raised the profile for security. A greater number of ransomware attacks has caught the attention of boards of directors, and they are looking to CISOs to respond.
Almost half (43%) of CISOs feel that they are competing with other business initiatives for funding, reports 451 Research and security firm Kaspersky.
However, almost every expert recognises businesses need to take security more seriously than ever before.
The sudden need to safely support scores of remote workers has raised concerns over the vulnerability of systems and data – and not just to ransomware.
According to Forrester, insider incidents, accidental or malicious, will be a factor in a third of all data breaches in 2021. That’s a 25% year-on-year increase.
This will be down to a combination of rapid evolution to remote working, fear of job loss, and the ease with which data can be moved.
Organisations should keep in mind that maintaining control is everything while making threat defence and employee engagement big priorities.
As the financial impact of breaches grows, CISOs should find it easier to make their case for funding.
Especially since Gartner is predicting that by 2024 as many as 75% of CEOs will be personally liable for cyber-physical security incidents.
CEOs will be eager to understand the impact of a ransomware attack, the speed of response and the impact on the business.
Having plans in place now is far better than trying to contain it later when loss of earnings and company reputation are on the line.
To fully protect a business, a ‘recovery-first’ approach is essential.
- More businesses will turn their data deluge into a data-centric advantage
The value of data continues to rise exponentially with many organisations remaining data rich, but information poor.
Data silos prevent businesses from exploiting the true value of their data. Sales have their databases, finance has enterprise applications, product usage often involves a third party, while agencies have web/log data and suppliers may have their own ways of doing things too.
Nearly nine in 10 (89%) IT leaders report these data silos are creating business challenges for their organisations’ digital transformation initiatives, up from 83% last year.
Data is everywhere, but tracking it down, and establishing who is accessing it is problematic. It varies in type, location and the rate of change, while collaboration is complicated.
As the data deluge continues, organisations must be able to manage and secure the data across their IT estates. But that’s not as straightforward as it sounds.
The most successful CISOs have always viewed the security function in a business context. Now that they are the focus of so much more attention, it is vital to press home that viewpoint.
That means going beyond talking about threats and mitigations and explaining how the right kind of protection also enables the business – as opposed to holding them back.
Understanding and classifying data across an entire ecosystem can be a huge issue.
Legacy backup technologies can lead to data silos, while storing data offsite on tape can lead to delayed access. Restrictions on visibility can mean lost opportunities and this has monetary implications.
Apart from addressing the challenge of storage costs, CISOs now have access to technology that gives businesses complete oversight of their estate.
Having the capability to see data in one place can help simplify governance across workloads with centralised controls.
The right automated protection also reduces the operational burden as data management becomes smarter, quicker and easier.
- The importance of Kubernetes-native software will increase – along with the need to protect it
There continues to be a huge increase in cloud-native technology. From a business point of view it is highly desirable as applications are always on, available and can be updated by a development team with zero downtime.
Development teams address customer requests more or less as they come in, instead of waiting weeks.
In 2021 when applications are built and taken into the cloud, they are being deployed in containers.
This is because containerisation brings the capability to run all kinds of different applications in a variety of different environments – on-premises or within the public cloud – such as AWS, Azure, and GCP.
The scheduling and orchestrating of operations is essential, though, to eliminate many of the manual processes involved in deploying and scaling containerised applications.
Kubernetes is an increasingly popular way of provisioning and keeping track of all these containers as it eases the burden of configuring, deploying, managing, and monitoring even the largest-scale containerised applications.
Without an orchestration framework, services will be left to run wherever they have been set up manually – and if a node is lost or something crashes, it is manual work to fix it.
With Kubernetes, you determine how your environment should look, and the framework ensures it looks like that, dramatically scaling up or down if necessary.
Organisations can schedule and run containers on clusters of physical or virtual machines, while automating many operational tasks.
By facilitating the deployment of applications in this more efficient way, Kubernetes saves time and money because it takes less manpower to manage IT. Infrastructure costs can be slashed for an organisation operating at massive scale.
Apps are also more resilient and performant as they can be moved more easily between different clouds and internal environments.
As the usage of containerised software increases, expect more organisations to develop software specifically with Kubernetes in mind.
These containers will need protecting if an organisation is to recover individual files easily or quickly, or recover from user-driven errors or recover configuration information.
There will also be times when data needs to be pulled out of sources like databases rapidly and injected back into an infrastructure that has just healed itself.
So 2021 is likely to see an increase in demand for third-party data management platforms that specialise in protecting Kubernetes environments.