The move to the cloud continues to create complexity around data security. In 2023, Imperva believes the increasingly diverse data landscape will drive a fundamental shift in the people, processes, and technology in cybersecurity.
Imperva’s data security leaders explain how IT environments will continue to evolve in 2023 and the impact this will have on cybersecurity teams and the industry.
The decline of the mainframe
The mainframe has remained a cornerstone of enterprise IT systems for many years. However, Ron Bennatan, Data Security Fellow, Imperva, predicts that 2023 will be the year that the decline of the mainframe will begin in earnest.
“The mainframe has a cost model that makes no sense, skills are hard to find, and for a very long time, the open platforms have been superior to it in all ways,” Bennatan says.
Companies will begin moving away from mainframes, accelerated by predicted security incidents involving data in a mainframe.
Reinhart Hansen, Director of Technology, Office of the CTO, Imperva, explains, “Historically, mainframe data has been more or less air-gapped from public-facing access. However, the business drivers and pressure to make core business data readily available to third parties, and for analytics purposes, along with the drive for a faster digital transactional experience, will increase the likelihood of mainframe data being breached.”
Bennatan adds that many mainframes lack appropriate controls because so few people understand how to secure data, with some companies relying on “security through obscurity.”
Cloud adoption will put data security in focus
The transition away from mainframes is part of a much larger trend where public and private organizations are embracing the disruptive power of cloud computing.
Today’s data landscape inside most organizations is a complex one with various data types (structured, semi-structured, and unstructured) saved across different environments (on-premise, cloud, and hybrid). This complexity introduces new dimensions in security and goes to the heart of the increasing frequency and scale of data breaches in recent years. This problem will continue to catch businesses out, and we expect to see record fines handed out in 2023. This fallout will put data security sharply into focus as businesses scramble to get genuine visibility and control of their data.
“Most organizations will continue to tackle data security with a patchwork of technology that covers only small portions of their data estate, leaving the majority of data unmonitored and unprotected,” says Terry Ray, SVP, Data Security GTM and Field CTO, Imperva.
On the other hand, organizations that invest in data security tools that can be used across all environments can quickly and effectively protect their data and accelerate their migration to the cloud.
Karl Triebes, Imperva SVP and GM of Application Security, says that after years of focusing on securing the perimeter with the use of VPN and secure edge services, organizations will turn their attention to data security.
“As security leaders increase their focus on protecting data in large, dispersed environments across many clouds, they’ll also focus more on the vulnerable APIs that connect internal databases to applications. To combat this, security teams will emphasize the correlation between known users, types of machines, and data access to triangulate when data may be at risk,” Triebes says.
Moshe Lipsker, SVP of Product Development, Imperva, adds that this will drive further consolidation in the cybersecurity sector.
“The right consolidations will create end-to-end solutions that will enable a CISO to provide protection with a layered model that can defend from Gen V and Gen VI attacks,” he says.
Demand for new skills
The move to the cloud and the focus on data security will also require new skills in security teams.
Dan Neault, SVP and GM of Data Security, Imperva says that as an organization’s data spreads across different environments, a new IT role will come into focus.
“This role will require high judgment about governance, security architecture skills, data architecture skills, and the depth of a database administrator for where that is needed. CXOs will realize the right leaders in this role will be game-changing and accelerate embracing cloud computing on the timeline they should, while mastering innovation, security, and compliance.”
Operational skills will also be in high demand, according to Andy Zollo, RVP of EMEA, Imperva.
“Businesses are starting to understand that moving data to the cloud means a loss of control and so will be desperate to find people with strong operational capabilities who can help them handle this fundamental shift in a way that doesn’t result in unexpected costs or unpleasant security surprises.”
The transition to the cloud continues to drive fundamental changes in cybersecurity, and 2023 will be a watershed moment for data security as organizations try to get better visibility and control over their increasingly complex data assets. The biggest challenge in this next stage of cybersecurity evolution will be finding the right mix of people, processes, and technology to achieve this.
Try Imperva for Free
Protect your business for 30 days on Imperva.