Future Forward: Cybersecurity 2021 Predictions
It’s 2021. Where is my encryption-breaking dolphin?
I admit it. I watched Johnny Mnemonic. It is set in 2021, after all. I wager there was no better way to prepare for my predictions blog. There will be spoilers ahead, both for the year to come and for the cyberpunk cult classic.
Any Device, Any Location, Any Service
From Beijing to Newark, Johnny accesses the Internet from borrowed computers and back alleys. In this fictional 2021, the act of carrying around a corporate laptop is long past.
Personal devices have long outnumbered corporate devices. In fact, it’s very common to deploy Duo and find people are using many more personal devices than expected. For example, take the case of the enterprise healthcare system discovering 30,000 unknown devices last year.
Personal workspaces outnumbered corporate offices in 2020. People working from home account for more than 66% of economic activity, and 42% of the labor force, in the U.S. in 2020, according to Stanford. Work isn’t done on-premises.
In 2021 Cloud Apps Surpass On-Prem Apps
In 2021, the use of Cloud apps will overtake on-premises apps. For a while, Cloud services have outnumbered on-premises services. But in terms of strong authentication, as identified in the 2020 Duo Trusted Access Report, there’s a clear trend line which will result in Cloud apps as the primary way people are working.
Security teams continue to grapple with how to secure this any-device, any-location, any-service way of working. Expect more work to be done on securing the endpoint devices themselves.
Zero Trust initiatives, already underway in many organizations, will mature and provide assurances over context and conditions of authentication. With traffic not coming from corporate offices and not going to corporate data centers, organizations will also look to move visibility and detection to the edge, perhaps with Secure Access Service Edge (SASE) initiatives.
Johnny protects his data with three random images captured from a television screen. Much of the action centers around trying to gain access to these three images, including using the aforementioned cyber dolphin.
In the actual year 2021, we do have some recognition-based authentication. Select the images, and you’re in. Of course, some people also authenticate with QR codes, smart links, PINs, smart cards, certificates, and biometrics, along with a multitude of other factors. If you want options, we have options.
Before we declare 2021 the year of passwordless, however, let’s acknowledge some of the concerns. As I mentioned in my 2020 review, the pandemic response pushed many IT initiatives off into 2021 and 2022. Organizations are cautiously evaluating passwordless to ensure improvements in usability, manageability, and defensibility. Given the factors and the impact on change, the emphasis is on increasing trust in authentication first, and changing the primary factor second.
Passwordless will be on the roadmap for 2021 in many organizations. Expect to see security teams running proof-of-concept projects and evaluating direction. To have the full confidence that changing the primary factor won’t adversely change the security posture, work will need to be done ahead to increase authentication trust.
Johnny stores 320 GB of medical data, the cure for the fictional nerve attenuation syndrome, in his head. This sets the clock because Johnny’s capacity is only 80 GB, 160 GB when compressed. If he doesn’t remove the extra data within a few days, Johnny will die.
Let’s address the one unrealistic detail in Johnny Mnemonic. No, not the dolphin. Not the cybernetically enhanced people. And I don’t mean the 3D Internet, either. I’m speaking, of course, about storage capacity.
First, anyone today can pick up a 512 GB USB flash drive. No long-term human memory required. Second, no storage technology today, no RAID, no compression, would allow 320 GB to fit onto 160 GB and set a death clock. Finally, if the vaccine science is a baseline, that’s not nearly enough space for healthcare data.
Last year, it was reported that adversaries were attempting to steal COVID-19 vaccine data. Hundreds of terabytes of data.
Protecting Against Data Theft
We can expect the trends on data theft and ransom to continue. Ransomware will continue to hit organizations. Criminals will continue to steal and resell data. Security teams must continue to find better ways to provide data protection. Too often, the app is used as a placeholder for the data. For example, we say we are protecting healthcare data because we are protecting the Epic application. Standards and requirements will shift closer to requirements on data, leading security teams to reconsider their data governance.
Final Future Thoughts
The opening scenes find Johnny navigating a crowd of protesters wearing masks. Throughout the movie, Johnny coordinates his next steps over video conferencing calls. These ring painfully accurate as we witness the unrest, discuss it over web meetings, and wear masks out in public. We will be many months into 2021 before it begins to feel normal again. But I view this with hope. Some things have changed. Other things will return. Along the way, we have demonstrated the combined ingenuity of IT and security.
We have much to build, to clean up, to correct. As they say in Johnny Mnemonic: Get your VCRs ready! It’s go time.