This time last year, we didn’t see widespread, mandated ‘work from home’ in the tea leaves. But we have always been focused on keeping employees protected, connected, and productive outside the office. Now, we can only predict how the trends that emerged in 2020 will evolve over time as businesses place more emphasis on looking after their employees’ health while keeping them securely connected and productive.

1. Organizations will face the security implications of cloud adoption

COVID-19 forced companies to accelerate digital transformation efforts and cloud adoption. According to Gartner, by 2022, up to 60% of organizations will use an external service provider’s cloud-managed service offering, which is double the percentage of organizations from 2018. 

Decentralized IT is becoming the norm with data and services now being spread across a hybrid environment consisting of on-premises infrastructure, private and public cloud software deployments, and SaaS applications. 

However, this hybrid multi-cloud environment is placing strain on security teams that have to deal with the repercussions of having data in so many different places. Legacy access and security tools are not built for the cloud; and many organizations are starting to recognize the security risks of having data and applications directly accessible to anyone on the Internet. Research found that 27% of the US FT 500 companies have at least one external cloud storage accessible without any authentication from the Internet.

We predict companies might pump the breaks a little on cloud migration projects as they refocus on refining their end-to-end security strategies. Connecting workers to distributed workloads is the easy part; protecting business applications and intellectual property in a decentralized, hybrid, and multi-cloud environment is where we expect to see security leaders focused in the coming year. 

Every company has its own considerations and constraints when it comes to the cloud. IT will need to consider the implications for security, latency, availability, data location, etc.  

2. Remote work will increase the number of portable devices that need to be protected

Over the past decade, people began consuming more and more internet data on their smartphones. The same applies to work-related data, with the rise of mobile SaaS applications, including productivity suites like Microsoft Office 365 and CRM tools like Salesforce. In a typical organization today, 60% of devices containing or accessing enterprise data are mobile. 

The productivity benefits of smartphones and tablets have been widely embraced by the enterprise. Sometimes they are often provisioned and managed by the organization but often, personal unmanaged devices are used. 

Before 2020, mobile work was largely about people on the road staying connected from a smartphone, now it’s about people who are working out of their house or vacation home. 

So we expect to see a shift towards small, ultra-portable form factors with people increasingly working on a convertible device with a full keyboard, or a large screen tablet they already owned at home. We also expect people will rely on a cellular signal to connect when home Wi-Fi bandwidth is stretched thin. They’ll lean on Jetpacks, mobile hotspots, and MiFis so they have multiple network options to support their multiple device options. This means more mobile endpoints for IT to protect.

According to Verizon, 87% of enterprises are seeing mobile threats growing the fastest this year, outpacing other threat types. While the majority of organizations have embraced BYOD policies, the vast majority (94%) said BYOD has increased mobile security risks.

The remote working trend is likely to extend well beyond a successful COVID-19 vaccine. So IT needs to establish modern security that fits the needs of a broad array of managed and unmanaged devices and networks. Be sure to look for a security solution that has capability both on the device and in the network and can provide flexible security policies that suit every use case.

3. Legacy security technology like VPN will make way for cloud-based secure access

When COVID-19 forced employees out of the office and into their homes, there simply was not the supply chain in place for IT teams to get secure devices and connectivity to people in their homes. In an effort to stand-up remote operations quickly, organizations looked to legacy security architectures like VPNs and VDIs as the silver bullet for secure remote access. However, the reality of VPN has got IT looking back to the drawing board. 

Not only do VPNs introduce latency, break native application experiences, and generally kill productivity, they add management overhead and grant excessive access to sensitive resources.

According to Gartner, by 2023, 60% of enterprises will phase out most of their remote access virtual private networks (VPN) in favor of ZTNA. Furthermore, by 2022, 80% of new digital business applications opened up to ecosystem partners will be accessed through zero trust network access (ZTNA).

In 2021, we expect businesses will begin to experience the limitations of VPN and start looking for more modern secure access solutions that scale and perform far better than appliance-based security.

Ensure your security solution offers risk assessments so users and devices can be assessed before the user is authorized to access a given application while cloaking applications that don’t need to be accessed. For example, our data shows 11% of devices compromised by malware continue accessing cloud storage after being compromised.

4. Context-aware authentication will grow in demand

Password-based authentication has long been a contentious topic in security. Make it too difficult and users will get locked out, make it too easy and hackers will get in. In addition to the user experience challenges presented by passwords, they also pose a security risk.

According to this report, almost half of enterprise users recycle passwords for multiple logins, in a clear case of compromised security, according to respondents. And nearly all of the respondents (90%) have witnessed security incidents stemming from the theft of credentials. Further, 73% of businesses have given staff extra training on how to remain cyber safe when working remotely, with specific training around verifying passwords and log-in credentials.

User authentication, even multi-factor, can not verify that the endpoint is secure, that devices are configured correctly, or whether malware or leaky apps are present. In 2021, access and security policies will be determined by context – where you are logging in, what time, and from what device. This shift in authentication will change the need for passwords. 

While the methods of authentication will likely continue to move toward a superior biometrics-based approach, the most important authentication factor will become the context in which users are looking to gain access. Soon, opening different apps will not only rely on facial recognition or your fingerprint but where you are, the network you’re connected to, the country you’re working from. 

IT teams should integrate their access solution with a security solution that includes device monitoring to collect a broad range of device telemetry to identify risks such as configuration vulnerabilities, malware, and unsafe apps to bring that rich context into the access decision.

5. 5G will empower users to do more intensive work remotely but will increase risk for a growing number of connected ‘things’ 

5G is here. The benefits of low latency, high bandwidth, and more reliable connections to edge devices pave the way for a hyperconnected future and a more productive remote workforce. According to this report, 20% of all employees rank slow network speeds as the most frustrating thing about mobile. 

With 5G now a reality, people will want to do more on their mobile devices than ever before because it will be super snappy and an overall better user experience (for certain tasks) than pulling out their laptops. Equally, 5G will become a viable form of connectivity for more than just a smartphone; it will make a difference for people working from home on a laptop with high bandwidth needs. 5G will support a wide ecosystem of connected devices which is good news for businesses that rely on IoT technology. Additionally, eSIM will introduce mobile connectivity into smaller, lighter form factors, as well as large scale machine-to-machine deployments in the automotive and energy sectors.

It’s very easy to get carried away with the benefits of 5G and eSim and envisage a wireless utopia, but as with any new technology, security is a concern. 62% of respondents to an Accenture survey expressed fears that 5G will render them more vulnerable to cyberattacks and 74% say they expect to redefine policies and procedures as 5G emerges.

For companies to adopt 5G securely, existing and future infrastructure needs to be considered and adapted accordingly, particularly because vulnerabilities have already been identified