Today's top stories

10 security changes post-COVID-19

CISOs must anticipate burgeoning needs for distributed security scale, intelligence, and self-service.

Back in March, I heard from several CISOs about how COVID-19 was disrupting their cybersecurity programs and changing their priorities.  A few weeks later, I connected with some CISO friends, and got an update on phase 2 of their pandemic journeys

While no one knows when the coronavirus impact will end, we are getting a good perspective on what the new normal will look like.  Here are ten changes I anticipate (in no particular order):

1. Work from home (WFH) becomes the default model. This one is an obvious assumption, but one we can back up with data: According to ESG research, 79% of IT executives say that their organization will be more flexible about WFH policies after the pandemic subsides.  Furthermore, WFH seems to be, well, working: 78% of knowledge workers report being either more productive working from home or having no change in productivity.  Between productivity gains and real estate savings, WFH is a winner — and is driving lots of changes to security investment and priorities.

2. Any remnant of a security perimeter is now dead. When I started in security nearly 20 years ago, a group of financial services companies started an organization called the Jericho Forum, which pitched the concept of de-perimeterization.  While most security professionals agreed with the idea, scaling security remained a challenge, so network perimeters remained and changed slowly over time.  COVID-19 may be the final security perimeter coffin nail.  To support a more distributed IT infrastructure, security controls will move wholesale to endpoints — users, devices, applications, data, etc.  The good news is that cloud-based management planes will make this architecture much easier to scale and operate than in the past.  What are the new perimeters?  Users and devices (i.e., identities) and data. 

To continue reading this article register now

The 10 most powerful cybersecurity companies