Kasey Panetta just published Gartner Security Forecast for 2021, with some very topics we very liked, for example:
Securing your remote workforce
A digital workspace is a framework of cloud technologies to manage app, data, and desktop delivery. Digital workspaces enable access to the organization data and applications by the employees from anywhere, regardless of the physical network they are connected to. The digital workspaces are highly adopted by organizations and created new attack vectors which are increasing the threat landscape organizations are exposed to.
Risk-based vulnerability management
Risk-based vulnerability management (RBVM) is a process that reduces vulnerabilities across your attack surface by prioritizing remediation based on the risks they pose to your organization. Following Gartner recommendations, CIOs should enforce policies and apply security methodologies that are relevant to the multi-cloud approach.
Cloud security posture management
After moving to the cloud, many organizations mistakenly assume their cloud hosting provider is entirely responsible for security. This mistaken belief leads to data breaches and other security mishaps. Cloud security breaches are commonplace today, with most breaches as a result or errors involving cloud misconfigurations. Cloud providers are responsible for securing the infrastructure cloud stack. However, users are responsible for configuring the cloud and securing applications and data. CSPM solutions automatically and continuously check for misconfigurations that can lead to data breaches and leaks. This automated detection allows organizations to make necessary changes on a continuous, ongoing basis.
Simplify cloud access controls
As the volume of SaaS adoption grows and Cloud Identities footprints expand, IAM solutions are now a critical component in the enterprise security strategy to prevent identity driven threats, including attack scenarios like identity theft, captured credentials, misconfigurations and lateral movement. Identity and Access Management (IAM) is a web service that helps organizations securely access Cloud Apps resources. Organizations use IAM to manage their authentication (who is signed in) and authorization (what the user can or can not do).
Automating security risk assessments
In the “new edge”, organizations are leaning to use SaaS services like Slack, Teams, Jira and Netsuite. In this case, the classic pen-testing tools are not relevant anymore. While in the “legacy” world, pen testers were looking for networking issues like open ports or applications layer vulnerabilities like command injection, in the “new edge” the organizations do not have control over these aspects.