Bitwarden hosted a webcast on 2022 IT Security Trends, setting the stage for what many companies will face in planning for the new year. The webcast explores the top three IT security trends and discusses ways to strengthen IT tech stacks to better prepare for future needs.
Rico Acosta, IT Manager at Bitwarden, leads the webcast with input from guest speaker Sal Aurigemma, an Associate Professor of Computer Information Systems at the University of Tulsa. Sal also uses Bitwarden personally and professionally, including in his classes to demonstrate IT security best practices. Here are the biggest takeaways from the webcast.
The webcast starts by setting the stage for 2022 IT security planning, focused on four key areas:
Wrapping up projects: Many IT teams spend the end of the year wrapping up projects or considering timeline extensions for existing schedules
Phasing out inefficiencies: When possible, teams also evaluate what has or hasn’t worked during the current year to focus resources on the right areas
Justifying new costs: In some cases, teams evaluate new software to help address inefficiencies or support other operational goals such as mitigating cybersecurity risks
Adjusting to changing workforces: 2022 also presents additional uncertainty around the evolving Delta variant of COVID-19 and whether workforces will return to in-office settings or remain remote
Many of these challenges also carry on into the new year.
Before the webcast, a poll asked respondents to select the biggest trends in 2022 IT security planning for businesses, including:
Managing IT for remote and hybrid workforces
Improving security to mitigate cybersecurity risk
Transitioning to more cloud-based services
The webcast speakers discuss how each trend shapes team priorities.
The shift to more hybrid or fully remote workforces introduces new challenges such as shadow IT. Individuals and teams run their own services and use multiple devices, even in a fully on-premises work environment.
The understanding of a network boundary has also shifted because of the accelerated adoption of multi-platform and multi-network work environments. IT teams previously could defend a network by securing the boundary, but not every device, platform, or network used by remote and hybrid workforces is fully patched, malware-free, and securely configured. With reduced visibility, IT teams cannot check for exposure risks and thus face an increased chance of a data breach.
Zero-trust deployments help lock down applications, devices, or users when a threat is identified but require dedicated resources. Cross-platform tools such as password managers manage corporate credentials, enable control of sharing settings, and ensure users follow the rules for good password security practices. These tools are less resource-intensive to implement.
A credential management solution also gives IT teams visibility into corporate accounts, including user access, the use of unique and complex passwords, or even checking for compromised passwords. IT teams can also securely share credentials with remote and hybrid workforces when new services are provisioned.
While companies can take several approaches to improve security and mitigate cybersecurity risks, the webcast discussion highlights educating employees as an effective method. Companies can help reinforce best practices through knowledge sharing, communications around security activities, and auditing workplace cybersecurity policies.
Frequent knowledge sharing, such as through employee security training, helps employees work more securely in the workplace. But knowledge sharing doesn’t stop with training. Involving employees when critical events occur that require downtime or affect operations can save a lot of frustration for the impacted end user. For example, employees should know why they temporarily can’t access certain systems if a server needs a patch applied to prevent a security incident.
Additionally, workplaces should have policies in place that explain “... the scenarios we are concerned about, and… the mitigation actions you should take”.
Raising employees' cybersecurity awareness can result in a substantial and lasting improvement in online behaviors. But awareness should not just focus on overly repeating the basics of cybersecurity best practices or training that only ticks a compliance checkbox. Cybersecurity threats constantly evolve, and employees often serve as the front line of enterprise threat prevention.
Empowering users to take cybersecurity matters into their own hands helps to make things click. This is particularly true if employees can leverage tools to implement better security behaviors such as storing passwords in an encrypted vault or generating strong passwords.
Sal provides several examples of security breach close calls that led individuals to become evangelists for online security, including discovering when a family member had a compromised password that was reused in several sensitive accounts.
Companies continue to switch to more cloud-based services, and this trend has only increased as more workforces transition to remote or hybrid environments. With more services comes more desire to maintain control over shared passwords and other credentials.
Companies also adopt a multi-cloud strategy that sometimes involves managing account credentials for three, four, or five clouds. Exposed data and unauthorized network access would need to be monitored constantly in a multi-cloud infrastructure environment with little visibility into the resources or devices used for work purposes.
Solutions such as identity and access management (IAM) or single sign-on (SSO) can help manage credentials on company infrastructure or known devices but do not always reach hybrid setups in employees’ homes and workplaces. A credential management tool can enable employees to safely venture into the cloud while reducing potential data breach risks.
The final section of the webcast explores how businesses can strengthen their IT stacks and focus on the fundamentals of sound security hygiene. Businesses can better secure their networks and the data stored on them by implementing these measures:
Keep everything patched
Educate users on password best practices and provide them with the tools to reinforce what they learn
Promote the use of two-factor authentication whenever possible to strengthen good password security behaviors
The webcast concludes with a question-and-answer (Q&A) session, where a user asks about the generational differences in teaching end users about building better online security habits. Watch the webcast replay below to hear the entire discussion.