11 Experts Share Advice on Device Security in 2022
As part of our Information Security Insight Jam, we got in touch with several experts and asked for their advice and predictions for device security and protection in 2022. These experts represent the top cybersecurity vendors, security hardware and software providers, and IT software companies, and have decades of combined experience with securing and protecting user and company devices. We’ve compiled 11 quotes from 11 experts on where they see the field of device security in 2022 and beyond.
Thanks to all of these experts for submitting their quotes and advice — and be sure to follow us on Twitter all day for insights, advice, and best practices on cybersecurity during our #InfoSecInsightJam!
Thanassis Avgerinos, Co-founder and VP of Engineering, ForAllSecure
“Updating software on devices – not just general-purpose computers – is a time-consuming process and in some cases not even possible because “regular updates” were not part of product design. We entrust such devices to hold our data and sometimes provide them with access to trusted networks without too much thought. Combined with an ever-increasing number of networked devices, deploying attacks against such devices becomes even more appealing because of the low-effort / high-reward tradeoff. Better upgrade processes and continuous security testing throughout the development lifecycle will help, but that is still a few steps away for several products.”
Ernesto Broersma, Partner Technical Specialist, Mimecast
“Your IT systems are an interwoven web of hybrid applications supporting your business processes. Cybercriminals jump from one compromised system to the next in order to maximize the disruption they can cause. You cannot rely on just your security toolset alone, even if they are the best-of-breed products. Those getting ahead will have a comprehensive security business strategy supported by well-configured tools from a variety of vendors that integrate to work together to detect, automate and remediate.”
Kevin Curran, Co-founder and Advisor, Vaultree
“With the prolific use of mobile devices as remote work increases, this is leading to new risks as users install potentially malware-infected software and expose company data to foreign networks including their friends and family. Increasingly, employees are working longer hours in both work and remote home environments thus leading to new risks as users install potentially malware-infected software and expose company data to foreign networks including their friends and family. One aspect, which should not be overlooked, is the fact that these devices belong to the employees and traditional ‘rules’ and mandates for enforcing new updates may simply not work, requiring us to reevaluate current data protection policies.”
Michael DePasquale, CEO and Chairman, BIO-key
“Authentication will move beyond devices; it’ll be smart for companies to shift to identity-bound biometrics. We’ll also be seeing a roll-up of solution providers in the IAM industry, with greater consolidation into single, unified platforms that can cover multiple areas of an IAM strategy vs. multiple point solutions to manage. Strong “centrally” managed biometrics will emerge as a standard of choice for enterprise applications in the regulated industries including Gov’t, Finance and Healthcare and ultimately B2C for retail and payments.”
Chris Hass, Director of Information Security and Research, Automox
“Within the next year, the majority of businesses will realize the immense benefits of cloud-native solutions and IT automation and replace their existing legacy tools, completely or extensively. Cloud-native technologies make connectivity with remote devices much easier while staying secure without the use of VPNs. They also improve visibility into the exact status of a device in real-time. IT teams will have an easier time pushing patches automatically without worrying about VPN bandwidth restrictions and other previously unseen issues.”
Sander Hofman, Manager, Sales Engineering, Mimecast
“Hybrid working will become embedded within the future workforce. I believe this is a positive change for all (company, employees, families, etc.) However, for IT it’s the biggest nightmare you can imagine. On the perimeter, IT can control almost everything and can create defined rules for security. With the introduction of remote work, Bring Your Own Device (BYOD) will become more common. The pandemic caused more BYOD devices to connect to corporate networks, providing hackers with new attack vectors. Bad actors will take the easy route and target the weakest point in the security layer – the end-user’s personal device. This personal device is not managed, probably has no extra security layer (endpoint and/or web protection) and a bad actor can easily drop a payload that will activate itself when it discovers a different network. If companies don’t invest in protecting BYOD devices or reshape to choose your own (employee can choose, but the company buys and manages), they face a greater threat.”
Greg Keller, CTO, JumpCloud
“It’s become more important than ever that organizations transfer the burden of security and operations from the end user to applications and devices. From a security perspective, trusted devices draw the edge of a company’s corporate network wherever an employee is located when they connect, and communicate, “I am who I say I am, let me get on with my work.” No one wants extra steps, and additional friction risks employees finding ways around it – in fact, our research shows that nearly 3 in 4 IT admins fear that remote work makes it harder for employees to follow best practices. To avoid introducing unnecessary and cumbersome steps without sacrificing security, implementing a trusted device approach directs employees toward strong security hygiene, without any explicit effort or impact.”
Eve Maler, CTO, ForgeRock
“As soon as you solve your most important problem, your next problem gets a promotion. With increased consumer usage of passwordless authentication methods, we will face challenges once ‘solved’ by sharing passwords. Securely delegating bank account and healthcare record access to family members and caregivers will be one such problem.”
Andrew Maloney, COO and Co-Founder, Query.AI
“Extended Detection and Response (XDR) has made a lot of noise this year, but even though it’s a relatively new concept, it’s already losing steam. There are many different definitions for XDR, and the market is struggling to believe it’s truly the answer to all problems. The current definitions of XDR all rely on a single platform to do all the collecting, aggregating, correlating, and analyzing – preventing the need for users to collect and store data “from other solutions,” as it’s all already within the XDR vendor’s purview. The reality, however, is that, with today’s dispersed data and siloed security tools, no one technology provider can possibly have all the capabilities needed for security analysts to efficiently perform investigations. The only way XDR will work as intended is if XDR vendors decide to partner in areas where they don’t have convergence or capabilities, and to build native integrations with those partners, so customers don’t have to do so themselves. Only when working with a security ecosystem of partners will XDR deliver on its intended promise.”
W. Curtis Preston, Chief Technical Evangelist, Druva
“There is no more “crunchy exterior” behind which your users can hide, since they’re working from anywhere on laptops and constantly connecting to unsecured networks. Companies must think about security and data protection all the way to the edge, securing and backing up all these devices, as they currently contain some of the organization’s most valuable data. Endpoint backups should be a major priority in this hybrid world.”
Gergő Varga, Product Evangelist, SEON Technologies
“When users access your website, they do it with two tools: a device with a web or mobile application, and an Internet connection that retrieves an IP address. With device fingerprinting, we can extract useful info from these data points about a browser and device. It gives a clear picture of how the user is connecting to your service and lets us understand user behavior, and more importantly, flag potential fraudsters.”
For more information on endpoint security solutions and vendors as well as the critical capabilities you need to look for, consult our Endpoint Security Buyer’s Guide.