December 27, 2021

Security and Compliance Predictions for the New Year

What’s a better way to end a highly speculative year with all kinds of ups and downs than with more speculation? Here’s my list of what’s going to become even more critical and gain traction in 2022 when it comes to security and compliance:

1. The legislation uptick will only increase as compliance and security incidents at private companies become more impactful to governments.

The effect of ransomware and other cyberattacks is no longer limited to the victim company; attacks now affect entire sectors and regions. For instance, attacks on companies that supply energy or food have led to hoarding and empty shelves in supermarkets and long waiting lines at gas stations. Expect security requirements for private companies in regulated sectors to become more rigorous. Governments will need more visibility into the specifics of these cyberattacks to improve legislation.

2. MSPs and tech vendors in general will serve as a path to infiltrate large enterprises or government agencies.

You don’t get hacked; your vendors do. Attackers have seized upon a very effective strategy for getting access to large organizations. Organizations with low standards, especially SMBs that rely on their vendors, will be a significant target. Managed service providers (MSPs) will need to improve their own security standards and the depth of their security measures.

3. Automated data classification is the norm.

Every piece of data represents a unique combination of value and risk. As privacy concerns and security and compliance requirements increase, the need for effective, automated data classification is becoming urgent. Data classification helps companies when it comes to data access, usage, and modification. This classification works as the first layer of protection. Yet many organizations find the process challenging and assume their data is too complex and widespread for classification. That very challenge should be the first reason to classify data: the sheer volume of data makes proactive exercises such as auditing the data untenable, and just getting started becomes difficult. In the new year, companies will, by focusing on automation, better understand how to keep their data secure and compliant.

4. Compliance and security training will take more of your time.

Yes, those boring videos you have to do every quarter. They will become more challenging and even tied to specific metrics at your company. That’s the case at InCountry, where every employee is thoroughly trained and tested via interactive and modern tools.

5. Distributed and decentralized SaaS.

With a speculative blog come some buzzwords. Joking aside, this one is the culmination of everything above. New infrastructure technologies will help SaaS and tech vendors in general to expand into new markets and push new features out quickly while remaining within compliance. SaaS applications will become highly distributed, with workflows stitching them together to deliver differentiated services at scale and on demand. When customers in regulated verticals like finance use such deployments, the requirements around security and compliance, tenant separation with authentication/authorization, the ability to connect to federated identity solutions, and above all resilience, availability, and disaster recovery (DR) become critical to such a deployment topology.

Bottom line: A big part of readiness and responsiveness is having the proper data security and compliance standards and integrations to bounce back quickly from any threat. Make 2022 the year you’re ready for anything with compliance solutions from InCountry.