The future of trust—no more playing catch up

By Eric Chien, Director of Security Response, Symantec Enterprise Division, Broadcom

This is a continuation of Broadcom’s blog series: 2023 Tech Trends That Transform IT.  Stay tuned for future blogs that dive into the technology behind these trends from more of Broadcom’s industry-leading experts.

It is difficult to overestimate the impact Covid had on the future of work and IT technology.

The pandemic sent the workforce home and technology services followed them out the office door. There was little time to consider and mitigate against all the new security implications. That said, working from home is no different than a lot of other circumstances in business. Conditions change and infrastructure is often put together at warp speed to meet the immediate business need. In this case, it was an immediate need for many employees to work from home. But for many organizations, a modern security infrastructure was never put in place to support hundreds of thousands of employees accessing a business infrastructure from home. There was no time.

Cut to today: employees have spent nearly two years working from home (WFH), and a lot of them like the arrangement and don’t want to return full-time to a physical office. Several major businesses now want to turn back the clock, but efforts to convince employees to return to the way things were, pre-pandemic, are proving to be challenging. Now that businesses can no longer pretend that WFH is going away, they know they must put the security infrastructure in place. They can no longer play catch up.

Managing the risk of distributed trust

Because Covid opened a proverbial Pandora’s Box on remote work and the permanence of a distributed workforce, organizations realize that they will need to manage risk even more carefully, and in new and more different ways, than they had to in the past.

Add to that, how and where technology services have moved (or are moving). For example, before back office software was purchased and installed on servers that were located inside an organization’s office. That is not the case anymore. These services are now cloud-delivered by multiple vendors all around the world.

Decentralized trust and the distributed workforce

The concept of decentralized trust fits hand-in-glove with the realities of a permanently distributed workforce. In a new, permanent remote workforce model, that “trust check” will no longer be at the physical door. It will be everywhere. It will be decentralized, it will be distributed, and it will involve multiple vendors. The trust check will need to happen on the client side, from where and on what device the worker will login from.

Identity security will become even more critical in this new world of decentralized trust and distributed human and machine resources. As enterprises take on more and more cloud applications, cloud access security will also become more critical. The urgency to implement new security systems for both identity and cloud access will drive IT transformation and budgets in 2023.

Identity security and MFA

The first phase for many organizations will be modernizing identity security by moving beyond passwords to a passwordless future characterized by a form of multi-factor authentication (MFA) augmented by a biometric element, such as a thumbprint, facial recognition, or retina scan.

This is the critical first step as humans enabling access to malicious third parties are a key element of most data breaches. This was true pre-pandemic when most workers were office-based. Without more effective, decentralized identity security controls, it will become even more of a vulnerability in our distributed workforce future.

It is easy to see how powerful this trend will be in 2023. As according to one recent survey, only 26% of enterprises today have implemented any form of even basic MFA.

Verifying assets via CASB

While MFA is a good first step—security professionals can “trust” the user accessing sanctioned SaaS applications—how do they make sure users are behaving normally and just doing their job? How do they ensure nothing is uploaded to the application that shouldn’t be, and how do they make sure they have full visibility into transactions? That’s why implementing some form of Cloud Access Security Broker (CASB) technology becomes critical to secure all remote, cloud-delivered assets.

CASB will provide organizations with the tools they need to interject security policies as their cloud-based resources are accessed. In essence, CASB defines what decentralized trust is all about: in a future of distributed, cloud-delivered assets, it re-centralizes security controls. It will provide the other most critical component of the security model for the distributed workforce of the future.

As 2023 progresses and more workers remain remote, trust becomes even more distributed. Security professionals cannot remove the risk of distributed trust entirely—bad things will happen—but they can look at how to manage the risk of distributed trust and put plans in place to build resiliency across a distributed infrastructure.

To learn more about tech trends transforming IT in 2023, visit Broadcom’s Trends 2023 blog.

About Eric Chien:

Eric Chien leads a team of engineers and threat hunters that investigate and reverse-engineer the latest high-impact Internet security attacks. Via these attack techniques and trends, he develops and drives threat intelligence and novel security solutions to prevent and mitigate against the next big attack.