Cybersecurity Things to Celebrate in 2020
As another calendar year comes to a close, it is a time for reflection on the year past and predictions for the year to come. I think we can all agree that 2020 was anything but a typical year (and a poster child for Murphy’s law "anything that can go wrong, will go wrong.")
Our industry is really good about posting about what has gone wrong, highlighting the latest data breaches, vulnerabilities and threat vectors. There is no shortage of articles about the very bad things that all of us in the information security industry are acutely aware of. And hey let's be honest, we wouldn’t have careers if the bad things didn’t exist!
As we put 2020 in our rearview mirror, and look forward to 2021 with dewy-eyed optimism, I want to take a moment to celebrate and anticipate.
Things to Celebrate in 2020
Remote Work
In a very short time, many organizations made the massive shift to supporting remote work. Sure it was a little bumpy, and maybe we didn’t put all the security controls in place off the get-go. But teams worked tirelessly to keep things running smoothly, keeping critical systems and services online and shifting rapidly to a perimeter-less world (some embracing a zero trust security approach accidentally, others with intention).
This new modern remote work model is likely here to stay. A side benefit has been that while we are all working from home, we have had a unique opportunity to reconnect with our families. We've also connected with our co-workers in new ways and in a sense have become more human. Some of us had new co-workers (pets, babies, gardners) in our home offices that added some additional entertainment to our new remote world.
The key is that organizations got creative, and found news ways to connect their employees with the systems they needed to stay productive. Security companies like Duo showed up to reduce some of the friction to help companies implement controls around authenticating users with multi factor authentication (MFA), establishing trusted access in devices with endpoint security and in general supporting remote work with remote access security.
Virtual Conferences
We all miss our communities of like-minded people. Getting together in person to build our networks, share ideas and processes. But we still get together in this virtual environment in fun and innovative ways with interactive platforms with virtual backgrounds, filters and avatars as remote work continues into 2021.
We are fortunate to have the technology and tools available to make this possible to keep working and connecting to friends and family. I for one am looking forward to more amazing events that we saw in 2020 with HIMSS, Blackhat, Authenticate and more. Oh and let me be the first to say DEF CON will probably be cancelled in 2021 ;)
Accelerated Cloud Transition
Thank God for the cloud. While cloud services and platforms are still viewed with hesitation and a healthy dose of skepticism, without them it would have been more difficult to achieve what we did.
Organizations who were averse to the adoption of cloud, or who were slow to adopt cloud into their operations, moved full steam ahead to cloud service models. Does this mean the end of on-premise and physical infrastructures? No, there will always be a need for some level of these services.
Now we see more hybrid environments to facilitate the new reality of work. Since most cloud applications use Security Assertion Markup Language (SAML) they can be added to single sign-on (SSO) solutions. It is critical that we adopt these cloud services in a way that streamlines the user experience with adaptive access policies. What became very clear during this shift is transformation can move quickly and securely at the same time.
Security Priorities
Digital security is generally something that we are all acutely aware of, I mean it's kind of our job. During this transition, while other initiatives and programs were deprioritized and funding reallocated, security sprinted to the front of the line. The focus wasn't just how can we have more security, but how can we make security better, and implement it with less friction.
General users got on board with virtual activities, making sure that they were accessing their tools securely instead of trying to work around the security controls put in place.
Tools that track anomalous user behaviors and evaluate the security hygiene of devices security became almost invisible, keeping the bad things out while ensuring productivity.
Things to Anticipate in 2021
Passwordless
As I am sure most can relate, I have more passwords than I can keep track of and use a password manager to keep them all straight as well to avoid using repeat passwords. As an industry we have also acknowledged that passwords are problematic and the leading cause of most breach events. The shift and trend towards a passwordless world is something that both practitioners and users alike desire. Imagine a world where you can log in without a password!
There are challenges associated with ‘killing the password.’ Infrastructures are complex and not all applications employ the same logic when processing passwords. There are going to be some exciting innovations coming to support a future with no passwords. I think the thing that we have to keep in mind is that this utopian world won’t be realized overnight and it will need to be accomplished in iterative steps.
Duo is going passwordless. We are right here with you to support your journey and have some useful resources to help get you started.
Zero Trust Network Access – The Future of Remote Work and VPN
Remote work is here to stay. As organizations plan for the eventual return to the physical office, considerations are being made for how to continue operations in a hybrid model and how to continue supporting a mostly remote workforce. Organizations are looking for alternatives to Virtual Private Networks (VPN) for different reasons.
Some want to keep VPN dedicated to critical infrastructure, others want to provide a cloud-like experience to users, but mostly there is a desire to obfuscate what is in the cloud versus on prem by using consolidated login flows. Whatever the reason, we will likely see some innovations around this area.
Providing a modern remote work experience is something Duo is committed to as we play a part in the Cisco Secure Access Service Edge (SASE) offer. Expect some exciting developments in this area in the year to come.
In Conclusion
There is no question that 2020 was a year fraught with challenges and hurdles, unpredictable world events, and the bad actors taking advantage of these situations. But we are resilient.
We thought of creative ways to tackle the circumstances we found ourselves in and we overcame them. We not only survived but innovated the ways we connect and do business. Most importantly, we've done so securely. We've shown up to help one another when we needed it the most.
So 2020 as we say goodbye, while it's tempting to send you off with some colorful words, instead I say thank you. Thanks for pressing us to evolve our security practices and pave the way for an exciting new future.
But don't let the door hit you on your way out, and don't feel like you need to make a cameo appearance next year. We're good.
Try Duo For Free
With our free 30-day trial and see how easy it is to get started with Duo and secure your workforce, from anywhere and on any device.