As a very busy 2021 comes to a close, it’s time to reflect on the past year and look forward with optimism to the possibilities of the new one that’s about to begin. Rounding the corner to 2022, MeriTalk asked several experts on the industry side of Federal IT for their predictions of what the next year will bring.
Offering their best views for what 2022 may hold are:
- Matt Marsden, Vice President for Federal Technical Account Management at Tanium;
- PJ Kirner, CTO and Founder of Illumio, and Andrew Rubin, CEO of Illumio;
- Rick Rosenburg, Vice President and General Manager, Rackspace Government Solutions, Rackspace Technology;
- Mike Wiseman, VP for the Public Sector at Pure Storage; and
- Patrick Perry, Director of Emerging Technology, Zscaler, and Danny Connelly, CISO Americas, Zscaler.
Ransomware
“There will be more conversations around ‘how organizations avoided ransomware disasters’ in 2022, due to organizations catching ransomware and malware earlier on in the pipeline,” Illumio’s Kirner told MeriTalk. “In 2021, the big conversation was around ransomware payments, and whether or not organizations should pay up if or when they – inevitably – fall victim to a cyberattack.”
“The Federal government has advised against paying bad actors when they fall prey to a ransomware attack, but the lack of more stringent safeguards and solutions will mean agencies will have few choices,” said Tanium’s Matt Marsden. “In 2022, agencies must find ways to better defend and improve their posture, such as practicing good cyber hygiene and having certainty about what is in their environment, protecting their sensitive data and enforcing their device compliance in an automated way, with speed and at scale.”
Kirner added that in the coming year, the migration to zero trust security concepts will take a higher priority, and that SecOps teams should be better prepared due to the coming shift.
“Zero trust is not a single tool, but the practice of securing your endpoints and having accurate and real-time data on those endpoints – their patch status, who has access to what software or other tools, etc.,” said Marsden. “It’s also the mechanism of validating the identity of people logging on to your network and applying policies of least privilege.”
“The Cybersecurity and Infrastructure Security Agency released the draft Zero Trust Maturity Model – and as Federal agencies implement the follow-on actions from the executive order and adopt Zero Trust leveraging the NIST 800-207 Zero Trust Architecture, the Zero Trust maturity model provides a framework and roadmap to assist agencies as they develop and implement their zero trust strategies,” said Zscaler’s Danny Connelly.
“We will continue to see Federal agencies shift from on-prem/network centric (legacy) security models to cloud delivered cyber security solutions and embrace the flexibilities provided by TIC 3.0,” he added.
“2022 will be all about ransomware … again. All crimes, including ransomware attacks, are done for one of two reasons: one, as a political statement, or two, for money,” said Illumio’s Rubin.
“In 2021, we saw that ransomware can be both wildly successful and devastating (i.e., the attacks on Colonial Pipeline and Kaseya), in part because adversaries found a way to be highly efficient in their attacks – they can keep costs low and take advantage of a repeatable operating model. Because this model has become so effective, malicious actors will only accelerate their focus on ransomware in 2022,” he said.
Cloud
Federal IT organizations will also be leaning more into cloud architecture in 2022, and industry experts said further use of cloud will help alleviate complexity.
“In real estate, a buyer’s broker represents the homeowner’s best interests in a real estate transaction,” said Rackspace’s Rosenburg. “The buyer’s broker model applies well to the increasingly complicated multicloud computing landscape for government agencies of all sizes and functions. It can deliver best practices in multicloud management and security, infrastructure savings, and the ability to cost-optimize workloads so the IT department and its agency customers get the best value.”
“GOTS (government off the shelf) approach to build Frankenstein SASE [secure access service edge] or [Zero Trust] solutions will run into major scalability and support issues that will require the Defense Department to re-look at building deeper partnerships with cloud security companies,” said Marsden. “This will be a hard lesson ‘not learned’ from their approaches to build their own private infrastructure clouds (Govcloud 1 and 2) and finally their adoption of actual cloud service providers.”
Future Investments
“Finally, state and local leaders must understand how to acquire, deploy, and sustain technology systems as efficiently and effectively as possible,” said Wiseman.
“Containerization allows governments to create and deploy applications faster and more securely, bringing a heightened drive for data management for enterprise-level assurance,” he said. “By investing in flexible and agile solutions, organizations can maintain costs and scale up or down without massive disruption to install, while leveraging only the digital infrastructure they need at a given time.”
“Tighter orchestration/integration between security company capabilities will be a higher priority of government agencies as they all look to adopt ‘modern approaches’ to managing all aspects of their environment, to include their security eco-system,” said Zscaler’s Patrick Perry.
“In 2022, we may see more people go back to the office, creating more demand for mobile devices – but we won’t go back to permanent desktops,” offered Marsden. “This hybrid workforce creates even more work and security vulnerabilities for operations and security teams to handle. Agencies need a single platform that can help them manage all endpoints, get accurate and real-time data from those endpoints, at scale and in minutes – no matter if that endpoint is on the network, in an office, or off the network in a home office.”