Cybersecurity is once again a catalyst for change
Predictions for 2022 and beyond from SHI


We all know that one simple hack can be ruinous for a company’s reputation – we see it frequently enough in the news.

Due to the ongoing increase in cybersecurity threats – from rogue individuals and corporate espionage to nation states – we predict that organizations will take some immediate actions.

Firstly, we may see an attempt to move away from anything open source. We also anticipate an increased demand for locked-down private cloud, as organizations become more suspicious of public cloud. And while we expect IT budgets to be significantly increased to support enhanced security activity, we foresee increased demand on resellers for support. Organizations will expect product support in the form of security information and action plans for all software purchased from or through a vendor – not just from the software publisher themselves.

The recent log4j cyber security exploit will result in a sea change in IT priorities for organizations of all kinds. We explore three potential risk mitigation strategies:

IT will reconsider open source

Because this exploit is linked to an open source product, we may see a knee-jerk reaction by some organizations to remove all open source from their environments. However, this simply isn’t possible due to how embedded this and other products are within the IT ecosystem. Even the 2020 Mars Ingenuity mission is dependent on it.

There is, however, a more serious discussion to be had about how the organizations that benefit from open source software should fund it. Log4j is currently maintained (like much open source software) by volunteers who may or may not be sponsored for their work. And yet much of the world depends on – and can be put at risk by – this unpaid work.

Investment will move from public to private cloud

The log4j exploit is simply one in a series, but will act as a further barrier to those organizations who were already hesitant to move to public cloud. We predict a growth in large-scale private cloud, in particular in the public sector where economies of scale can be achieved without engaging with the hyperscale vendors. We also expect to see a continuation of some level of public cloud repatriation by those organizations whose original cloud migrations were not well planned, and these will be accelerated by security concerns. Any cloud migration, optimization or modernization activity should be designed with security in mind.

Expectations of resellers will rise

Procurement teams will expect license advice provided by their software resellers to include proactive alerts and advice when products they have purchased are identified as having vulnerabilities. Software resellers will need to up their game. Licensing advisors and software asset management experts will need to maintain awareness of security-related updates and be able to work with their customers to help minimize and mitigate potential risks.

In short, software resellers will become de facto security consultants.

Good ITAM practices will be increasingly important in identifying and eliminating security risks. These include effective discovery and inventory to ensure you’re aware of all software in your environment and can locate it when alerted to issues. In addition, you should be removing out-of-support and end-of-life software – whether from megavendors such as Microsoft and Oracle, open source products, or specialist software from smaller vendors – to minimize risk of exposure.

It’s happening now

Expectations are already changing – within days of the log4j exploit being made public, SHI heard from organizations seeking help for their ITAM teams in identifying and mitigating potential security risks.

If you need help getting visibility into your software estate and understanding where to start with risk mitigation, speak to one of our ITAM experts about how SHI can help.