16 Data Security Predictions for 2023 and Beyond
It’s that time of the year again. The time of the year, when after ten hectic and hopefully rewarding months, the cybersecurity industry collectively comes up for air and starts to hope for a better future, or at least that they will be able to see it through to the new year. So as we start to imagine the 12 months ahead of us, we gathered a set of themes that are shaping the future of data security. These themes are influenced by a number prevalent trends influencing us right now and will continue to evolve.
Undoubtedly modern data privacy regulations will continue to be adopted across the globe, including more state and federal privacy regulations in the US. The volume of data being collected and created will continue to exponentially increase. This increase will include a rising volume of medical, genomic and health related data as the impacts of increasingly connected consumer devices that collect stats become even more mainstream. And cybercriminals? They will continue to find ways to exploit and monetize access to data. And for those interested in cricket and the ODI world cup in 2023? Our money is on Australia and India, in no particular order.
These themes are best understood in the context of the detailed predictions below made by the Symmetry Systems team about what 2023 and beyond holds for the industry and ourselves.
Increased Business trust from data centric security accelerates cloud adoption
Prediction 1: By December 2023, 20% of CISO’s will include a specific line item for data security in their strategy and budgets that includes headcount and technology. Confidence Level: 73%
Prediction 2: Through 2023, internationally recognized security regulatory and compliance requirements will formalize definitions of zero trust that extends to data (“zero trust for data” to ensure least privilege is continually assessed). Confidence Level: 58%
Prediction 3: Through December 2024, the percentage of organizations that trust their security staff to maintain a strong security posture from less than half (45%) to over 60% as business awareness and engagement increases, and confidence increases in their ability to secure data in the cloud. Confidence Level: 65%
Data risk quantification become a part of the day to day cybersecurity vernacular
Prediction 4: By December 2023, the concepts of data blast radius and quantifiable data breach exposure will be used in over 20% of public data breach notifications. Confidence Level: 55%
Prediction 5: By December 2024, cyber insurers will no longer rely on insured declarations alone to estimate the impact of potential losses, and use tools to aggregate potential losses based on quantifiable data breach exposure or data blast radius per user. Confidence Level: 50%
DLP shifts left
Prediction 6: Through 2023, organizations will increasingly look and invest in tools that reduce the potential for data leakage; rather than solely detecting leakage of data, resulting in a 10% reduction of spend in traditional enterprise DLP tools. Confidence Level: 68%
Radical data breach transparency becomes the norm as regulators get tough
Prediction 7: Through 2023, regulations like SEC rule 206 (4) – 9 will encourage radical transparency – resulting in 20% decrease in the lag time between disclosure of a breach and preliminary analysis of the impact to customers. Confidence Level: 56%
Prediction 8: Through 2023, organizations fined by one international privacy regulator will be fined again by at least two other international privacy regulators for the same issue. US states will start to adopt similar approaches as modern data privacy laws expand across US states. Confidence Level: 57%
Prediction 9: By June 2024, at least one large organization will be fined by a corporate regulator for their ongoing poor data governance and inability to demonstrate understanding of where their data is and how it is secured. Confidence Level: 66%
Multi-cloud becomes more multiverse
Prediction 10: By December 2023, 70% of organizations with one cloud deployment will deploy on a second cloud environment. Confidence Level: 67%
Prediction 11: Through December 2023, the approaches and standards for permissions management will continue to deviate for each cloud, resulting in a 30% increase in cloud identity and entitlement management usage to manage permissions at the user and data object level. Confidence Level: 76%
Vendor consolidation goes head to head with the cybersecurity mesh and loses
Prediction 12: Through December 2024, CISO’s that have adopted vendor consolidation approaches will look to layer in additional best of breed solutions as standalone vendors adopt more open interfaces. Confidence Level: 69%
Prediction 13: By 2025, data security posture management (DSPM) vendors that offer solely a static analysis of permissions on data objects will fail as cloud security posture management (CSPM) vendors and other vendors add these capabilities to their platforms. Confidence Level: 72%
Prediction 14: By 2028, adjacent markets for cloud security posture management (CSPM), cloud infrastructure entitlement management, and data security posture management (DSPM) will blur with platform vendors offering capabilities that meet the infrastructure, data and identity needs on a single platform. Confidence Level: 76%
Security posture all the things all the time
Prediction 15: By December 2024, privileged access management and identity governance and administration tools will consider security posture into policy decisions when granting privileged access and assessing ongoing need for permissions. Confidence Level: 762%
Prediction 16: By December 2024, All market leading identity providers will have acquired or invested in both a data security posture management (DSPM) solution, and a cloud infrastructure entitlement management solution. Confidence Level: 74%
As organizations solve their current issues focused on configuration of the cloud, they will shift to focus on the growing importance, complexity, and scale of data being collected and used by organizations. If this sounds like your organization, you can use these predictions to find where future risks and opportunities lie. If you would like to learn more about DSPM or see DataGuard in action, please do not hesitate to reach out to me or the team at [email protected] or register for a demo here: https://www.symmetry-systems.com/demo.
Each prediction was contributed by a member of the team; and we asked them to provide a confidence level for their prediction. The predictions must be:
Time bound, i.e. achieved by a certain data or if a trend and measured across a defined period.
Specific and measurable i.e., there should be no debate on whether the prediction came true.
Realistic i.e., they must be confident that this will be achieved.
This approach will allow us to come back in 12 months and grade the precision and accuracy of our predictions (a set of attributes we value as an organization). The individual predictions were further grouped into their underlying themes and sorted by time frame.