Here Comes 2023: Rezilion’s Security Predictions
It’s time for 2023 predictions about the security industry. What’s in store for cybersecurity and development teams in 2023? Making predictions for anything related to technology and business is always a bit tricky because so much can change so quickly.
Nevertheless, we are forging ahead with our best guesses about what organizations and teams can expect in the coming year.
Prediction 1: More Security Regulations in 2023
Protecting data — especially sensitive, personal information — against intrusions has become a major priority for governments around the world. It should come as no surprise, then, that there will likely be more data privacy and security regulations from government entities in the coming months.
Along with that will come greater enforcement of cybersecurity best practices and standards that focus on pushing organizations to implement essential security practices across both IT and operational technology. The U.S. presidential directive on SBOM use (see next prediction!) for federal agencies is just one leading indicator.
Organizations in essentially every industry will be required to have good visibility into all of the IT assets in their infrastructures, including the various software components. They will need to remediate any vulnerabilities in a timely manner, and more than ever, they will rely on automated tools to help with vulnerability management.
Prediction 2: Ongoing Rise Of Software Bill Of Materials (SBOM)
It’s no secret that cybercriminals have been going after weaknesses in the software supply chain to launch attacks, and there’s no reason to doubt this will continue to be an issue in the coming months.
Incidents such as the Log4Shell vulnerability, which affected a huge number of organizations, will make the adoption of SBOM a big priority. These resources give organizations an effective way to track all the components that make up a given piece of software, helping them address risks related to vulnerabilities.
At the same time, efforts will continue in maturing the SBOM ecosystem — adoption across sectors, tooling, standardization around sharing and exchanging SBOMs, and more.
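As an illustration of the component tracking described above, here is an added example (not Rezilion's code or any vendor's tool) that walks a CycloneDX-style JSON SBOM, including nested components, and flags log4j-core entries that need attention. The sample SBOM is constructed, and the watch rule (any 2.x release below 2.15.0) is a simplifying assumption that ignores backport releases and later fixes.

```python
import json
import re

G = "org.apache.logging.log4j"
# Constructed CycloneDX-style SBOM (sample data, not from a real product).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"type": "library", "group": G, "name": "log4j-core", "version": "2.14.1"},
        {"type": "library", "group": G, "name": "log4j-api", "version": "2.14.1"},
        {"type": "application", "name": "billing-service", "version": "1.0.0",
         "components": [  # nested components bundled inside the application
             {"type": "library", "group": G, "name": "log4j-core", "version": "2.17.1"},
             {"type": "library", "group": G, "name": "log4j-core", "version": "2.0-beta9"},
             {"type": "library", "group": G, "name": "log4j-core"}]},  # version missing
    ],
})

# Assumed watch rule: log4j-core 2.x below 2.15.0 (simplified, backports not modelled).
WATCH = {"group": G, "name": "log4j-core", "fixed": (2, 15, 0)}

def parse_version(text):
    """Leading numeric part as a 3-tuple, e.g. '2.0-beta9' -> (2, 0, 0); None if absent."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text or "")
    return tuple(int(p or 0) for p in m.groups()) if m else None

def walk(components, path=()):
    """Yield (path, component) for every component, descending into nested ones."""
    for comp in components or []:
        here = path + (comp.get("name", "?"),)
        yield here, comp
        yield from walk(comp.get("components"), here)

def find_affected(sbom_json, rule=WATCH):
    """Return (path, version, status) for watched components that need attention."""
    findings = []
    for path, comp in walk(json.loads(sbom_json).get("components")):
        if comp.get("group") != rule["group"] or comp.get("name") != rule["name"]:
            continue
        ver = parse_version(comp.get("version"))
        if ver is None:  # an SBOM entry without a version cannot be cleared
            findings.append(("/".join(path), comp.get("version"), "unknown-version"))
        elif ver[0] == rule["fixed"][0] and ver < rule["fixed"]:
            findings.append(("/".join(path), comp["version"], "affected"))
    return findings
```

Entries with no recorded version are reported rather than skipped, because an incomplete SBOM cannot show that a component is unaffected.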
Prediction 3: Preference For Unified Platforms
When organizations are considering which cybersecurity tools to deploy, expect many to lean toward unified platforms that address multiple security needs through a single dashboard. Organizations must protect more complex environments than ever — often distributed across multiple cloud providers — while the global cybersecurity workforce gap continues.
This, along with the current financial uncertainty, will drive the consolidation of various services that are now considered separate. Look for companies to adopt tools that provide lots of automation to save time and money while also prioritizing security risks.
Prediction 4: SCA Gains Ground
Securing the software supply chain is top of mind with many security teams, and software composition analysis (SCA), which provides automated visibility into all the components of software applications, will become an increasingly important tool in managing supply chain risk.
SCA tools automatically scan the source code of applications to generate an inventory of third-party, open source, and internal components, and organizations can use these tools to more efficiently manage the software components. They eliminate the need to manually examine each piece of code to identify components.
Given the recent supply chain concerns, organizations have begun to look for SCA tools that provide indicators of operational risk, such as slow or poor maintenance, questionable project viability, and multiple other factors, according to research firm Gartner.
Prediction 5: More Organizations Will Adopt DevSecOps
DevSecOps, an extension of the DevOps model for software development that calls for applying security measures throughout the software development life cycle, is gaining ground at organizations. That will likely continue into 2023, given the ongoing threats to software supply chains.
Software vulnerabilities can serve as entry points for cybercriminals to launch a variety of attacks, which can have an impact on entire supply chains. One of the more dramatic examples is the vulnerability found in Apache Log4j in late 2021, which enables hackers to take control of systems and their data and puts millions of devices at risk.
Prediction 6: Automation Becomes Key To Successful DevSecOps
To be most effective for cybersecurity and development teams, DevSecOps needs to be automated. Automation will play a significant role in making DevSecOps a strategic initiative for companies.
One reason DevSecOps needs to be automated is that security is baked into the process and is part of the workflow. Security becomes an integral part of the development process rather than an afterthought.
Another reason is that automation can enable teams to deliver more value by eliminating manual checks for software vulnerabilities. This will free up teams to focus on more productive and innovative work. Automation can also decrease the number of errors that occur with a manual approach to software vulnerability management.