When we hosted DevGuild: Enterprise Security in late 2019 and HackerOne CEO Marten Mickos in Feb 2020, we had no idea that the COVID-19 pandemic and shift to remote work would dramatically accelerate the importance of security as an essential business consideration for organizations of all sizes and stages. In an ever-changing landscape, it’s hard to say definitively what this year holds for us, so I asked some folks in our community to share their security predictions for 2021.
Karl Hanson, Co-Founder of Tonic: Data de-identification
“The shift to remote work has changed how people think about security for distributed teams, especially around data minimization and access restrictions. We’re going to see an increased focus on security products that reduce exposure. But the real potential is for products that do so without limiting employees from getting work done. This is the area we’re doubling down on.”
Co-founder Ian Coe goes into greater detail in this post on the Tonic blog. Make sure to check it out.
Avery Pennarun, Co-Founder of Tailscale: Zero Trust and securing devices
“Lately people are thinking a lot about how to live in a world where we can’t trust devices even on our own LAN. Everyone is working from home, where the company doesn’t control the network, and can’t afford to funnel all the browser traffic back to a corporate IDS. Rogue routers, IoT devices, and malware-infected systems can be anywhere.
I expect we’re going to see more creative ways to lock down individual devices and detect breaches and attacks as they happen, including Zero Trust networks and improved endpoint security and monitoring. People are becoming increasingly conscious that automatic software updates, even from trusted vendors, can create risks, just like failing to install security patches can create risks. We’ll start seeing solutions to get us out of that double bind.”
Omri Gazitt, Co-Founder of Aserto: Authorization is broken
“With last year’s widespread shift to remote work, IT and security teams saw their challenges with identity and access control magnified many times over, making it clear that existing perimeter-based access control strategies are entirely insufficient for the modern world.
Unlike authentication, which has standardized on OAuth 2, SAML, and OpenID Connect, there are no standards for authorization — each application has to invent its own permissions and roles, and implement authorization and access control in a one-off fashion. Fine-grained authorization is a core part of the application, and therefore has to be modernized by each and every SaaS application vendor.”
You can read Omri’s full post on the impacts of fixing authorization here.
Subscribe for Updates
In addition to the above, in last November’s election, Californians approved Prop 24, also known as the California Privacy Rights and Enforcement Act of 2020. 26 other states have followed suit and we expect this year to be a year of transition for legislation, on both a state and federal level. To stay up to date with these changes in the dev tool space and larger tech industry, make sure you’re subscribed to our monthly newsletter and weekly digest.