This article originally appeared on the VMware blog.
While the cybersecurity landscape may look daunting as the new year progresses, organizations should focus on building the proper strategies for protecting their valuable data and mitigating the endpoint security risks that 2020 promises to bring. This means taking a critical look at the past 12 months and identifying the changes a security team can make now that will be most impactful in the 12 months to follow.
Let's explore some important enterprise security goals for an organization to consider as 2020 advances.
One of the big buzzwords of 2019 was "Zero Trust", with the thought that the end user should have only as much access to the device they are working on as necessary. We as an industry need to start measuring and scoring the trustworthiness of the products that we install in our environments. Exactly how do these products perform in the real world and not just in a lab? How do we know from day one that we can trust a product to perform in production? It is easy enough to allow security technology to win through traditional commerce, but truly successful products will win because customers decide to invest in renewals, and the poorly performing products will die. I expect that in 2020, we will start looking at the trustworthiness of applications and de-emphasize the focus on being impressed by marketing costs.
When discussing the importance of a time-out on security spending, the following questions are important to consider: "Am I utilizing my security dollars efficiently?" and "How do I ensure that my organization is resilient based on the acquisition of new security?"
Companies have stuck to the same old playbook for years now, and it has one directive: buy more products. This isn't going to result in the protection that enterprises require to combat hackers. As the new year approaches, businesses need to ensure that what they are already spending money on and deploying in the enterprise is actually working and protecting the environment. Today, organizations can expect to be compromised, but their ability to bounce back from such an attack will matter most to the company, its customers and partners.
This resiliency will also affect how the roles of the CIO and CISO develop within the next few years. CIOs are going to have to prove exactly how existing products are living up to their full potential. If they can't show how current products will prevent and repair damage due to a cyberattack, then future investments will come under even more scrutiny. As a result, we're going to witness the introduction of protection level agreements guaranteeing that the strategies implemented will protect against certain severity levels of a cyberattack. With this in mind, it will become essential that CIOs and CISOs put a hold on any security spending and take the time to reevaluate their security landscape to ensure the products they currently use are actually worth the investment.
The most significant challenge for the education industry will be identifying and attracting security professionals to the K-12 field. Budget constraints and advancement opportunities within the education sector for security specialists are generally not a great combination for attracting talented security professionals. Budget constraints may lead to the industry purchasing products that are tailored specifically to education use cases but fail to follow secure development processes. This causes additional problems for the IT professional in the education system.
With this in mind, the education industry will also need to invest in personal development as 2020 continues. The industry as a whole is grossly underinvesting in its employees, and its IT department is no exception. Training courses must become a priority, not only to ensure all employees are keeping cybersecurity top of mind, but also to help promote IT careers in the education sector. Without this focus, key IT players will soon discover better opportunities within another industry.
In 2020, it's going to be important for the healthcare industry to focus on building significant trust between healthcare professionals and IT security/privacy best practices. A patient's life, the need to access data quickly but accurately, and privacy concerns can conflict sharply, which puts cybersecurity on the back burner. In the new year, healthcare IT will need to provide greater and more robust security and privacy practices within its environments and better identify who requires certain privileges and access to patient data and systems.
It will also be important for the healthcare industry to better understand its environment and validate that its existing purchases are performing as expected, allowing better budget spend moving forward. Once this foundation is established, there is an opportunity for the industry to build on it, using tools that have already proved their worth to ensure a more seamless experience for the patient.