In 2022, IT professionals will recognise that they need to invest in the security of RPA, including how to orchestrate the digital identities that help bots connect and communicate securely
This is an exclusive interview conducted by the Editor Team of CIO News with David Mahdi, Chief Strategy Officer & CISO Advisory at Sectigo, on:
The Top Trends for Digital Identity in 2022
As enterprises embrace the new normal of remote and hybrid work environments, establishing digital trust for the massive numbers of machines, software, devices, and humans interacting with digital services is essential to conducting business securely. The volume of human and machine identities continues to explode, and to future-proof their businesses against threats, CIOs and CISOs must think strategically about cyber trends that are already or will soon become mainstream. From Zero Trust to embracing Robotic Process Automation (RPA) and the Metaverse, establishing digital trust with identity-first security is a critical first step.
Below are the four trends for 2022 in a world where identity is the new perimeter:
1. Zero Trust Evolves to Focus on Identity-First Security Principals
In a fast-paced hybrid-multi-cloud world, traditional security approaches simply don’t scale and aren’t effective. This is exacerbated by the continuing situation where people remain remote and cyber-attacks continue to disrupt business in new ways every day. With the growing complexity of these threats, enterprises can no longer ignore investments in the people, processes, and technology of cybersecurity and identity-first security.
While many organisations focused on “zero trust” initiatives over the past couple of years, many recognised that identity in humans and machines is the foundational layer. In a zero-trust approach, organisations must first verify the identity of the entity, validate its status, and determine if, at that current moment, it should be granted access. This is the high-level notion of Zero-Trust Network Access (ZTNA). ZTNA depends on the strong digital identity of the human or machine requesting access. The focus must be on human and machine identities, governing access to these identities and securing data with privacy and compliance in mind.
2. Identity-first Security for Robotic Process Automation Will Rise in Importance.
In 2022, IT professionals will recognise that they need to invest in the security of RPA, including how to orchestrate the digital identities that help bots connect and communicate securely. RPA is an emerging technology that automates repetitive digital tasks for employees. The global RPA market expects its market value to reach $46 billion by 2030 due largely to the need for virtual workforces. We already know that RPA is on a great growth trajectory, but as organisations put even more emphasis on RPA and related bots, an equal emphasis needs to be put on their security and access with identity-first security.
In contrast to identity security methods that work well for humans, bots can’t use tokens, traditional multi-factor authentication methods, or password-less methods like biometrics. One proven approach is with PKI, and specifically, digital certificates that can bolster their identities and ultimately mirror bots’ lifespans. Organizations must also monitor each bot’s behaviour in case one is hijacked. Layering in additional security fundamentals like data security and policy and access controls, such as IAM, is needed. Enterprises will see more issues related to RPA and bots throughout 2022, which will cause greater focus and investment in RPA identity-first security in the second half of 2022 and beyond.
3. Openness and interoperability in the cybersecurity market will move forward in a big way.
CISOs and their teams are struggling with too many security products and services. In the unfortunate event of a breach, security analysts must make sense of various reports, reviewing all possible indicators of compromise. This ultimately impacts dwell and response times, giving attackers more time to conduct their malicious activities.
As a result, the demand for a single pane of glass to help orchestrate and manage identity and cybersecurity solutions has never been higher. Vendor consolidation, from a CISO perspective, is high on the priority list. In many scenarios, it isn’t realistic to consolidate every single critical security product and service, and that single pane of glass for all cybersecurity is still out of reach.
Hope lies within the spirit of interoperability and openness. Openness and interoperability are critical prerequisites for the goal of achieving better value and orchestration of security products and services. Interoperability ensures more products and services come with integration into common enterprise applications and services. Openness in this context means leveraging common industry standards (such as OpenID Connect, SAML, and FIDO in the authentication space) and vendors’ ability to provide open APIs of their products so that external developers can access their software stacks. This will go a long way toward helping CISOs and their teams fight the good fight.
Interoperability and openness will be critical capabilities for all products in the identity, cybersecurity, and PKI markets in 2022 and beyond. According to new research published by Sectigo, when looking at the identity space, specifically, the PKI and Certificate Authority (CA) markets,
- 59 percent of enterprises use multiple CAs for their digital certificate needs.
- 82 percent indicated it is important for their certificate management solution to support management through a single pane of glass.
Interoperability and openness are needed here to enable a functioning single pane of glass Certificate Lifecycle Management solution. For this reason, it will be a big year for CAs working together, creating a CA-agnostic environment where enterprises can manage all digital certificates, regardless of the issuing CA, in one central portal.
4. Metaverse in 2022: Not Ready Yet: Grab your snowboard, and ride the hype wave.
Facebook is forging ahead into the Metaverse, and they believe in it so much that they rebranded to Meta. While we didn’t see too much from a metaverse perspective last year, in 2022 the hype will continue.
There are countless questions still to be asked, and, of course, answered, especially around cybersecurity, privacy, and identity. How will all of these be tackled in the Metaverse? Will decentralised identity play a role? What about identity for machines (software and devices connecting with the Metaverse)? Will NFTs play a role? And with NFTs, what about copyright laws? Who owns what?
The World Economic Forum recently raised similar questions about the potential risks “in an environment where the boundaries between the physical and virtual worlds continue to blur.”
As with any online infrastructure, the Metaverse will rely on a host of cybersecurity and identity fundamentals such as digital certificates to secure the influx of digital identities using its servers (whether centralised or decentralized). There will be a huge rise in the number of both smart devices and human identities that need to be accurately verified as applications of the Metaverse grow and enter the mainstream. With more complexity comes added risk. The success of the “Metaverse” will hinge on the safe management of its billions of digital identities and, very likely, cryptographic keys and certificates. Cryptography will no doubt be a critical infrastructure for the Metaverse. Without impeccable monitoring of the underlying cryptographic infrastructure, say with digital certificates, an expired certificate, or vulnerable crypto, gone unnoticed could lead to catastrophic outcomes such as outages and cyberattacks.
Invest in identity-first security.
Securely conducting business today requires digital trust now and for decades to come. Bad actors will continue to use identity as an attack surface, and the first and best line of defence for CISOs and their teams to mitigate risk is with an identity-first security approach. Digital certificates are an essential component of this approach to establishing and maintaining digital trust, and they are the tried-and-true method for securing and authenticating all identities in this new digital world.
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics