
*No generative AI was used by the author

Rapid Rate of Change Still Powering Technology

Here we are a quarter of the way through the 21st century and the rate of change in technology shows no signs of slowing. And, while we are not quite the jet-setting hipsters that cartoons of the 1960s predicted, we are living in a world where everything and everyone is connected. We all want our technology to work seamlessly, without friction, and securely.

With that idea of being secure and safe with the technology we rely on, let’s look at where 2025 may take us.

Security and the Business Come Closer Together to Build Resilience

Humans have a way of building silos to solve problems, and once established, those silos are difficult to eradicate. The removal of silos allows for more collaboration and integration to build predictable and efficient systems that are more reliable.

This eradication of silos and working together is exactly where security teams need to be. Security is something every team needs to focus on. The line of business and the security team can no longer be isolated from one another. If security teams understand the critical few objectives of the business, the greater alignment will deliver positive results.

In 2025, expect every member of an organization to begin to understand and accept their role in security, and watch for the line of business to become more resilient by aligning with security.

Multi-Factor Authentication (MFA) Commitment

MFA may appear tactical, but in 2024 we saw the damage that the lack of this control could spawn. Systems lacking MFA can have a broad impact across the supply chain and for an extended period.

While many organizations bolstered their commitment to MFA in 2024, the industry needs to be proactive in demanding MFA usage. Security hygiene needs to include strong advice on why MFA is a critical component of digital safety.

In 2025, expect MFA to be a built-in requirement for use cases of all types.

Non-Human Identity

With the proliferation of “things” connected to the internet, the need for non-humans to have credentials is essential. However, identity access management (IAM) is just as essential for non-human identities (NHIs) as it is for humans.

These NHIs are associated with apps and devices and are in expansion mode to handle containers, cloud integrations, microservices, etc. Machine-to-machine access and authentication requires NHIs.

In 2025, watch for CISOs and governance teams to grapple with how to manage NHIs. As the volume of NHIs grows and the software supply chain becomes more unwieldy, effective management of NHIs will become a necessity.

Non-Functional Requirements (Performance and Security)

In the early years of the 21st century, we moved to the concept of gamification for both personal and enterprise software. However, we are not necessarily hyper-cognizant of two critical non-functional requirements (NFR) – performance and security.

I am an eternal optimist and truly believe that as silos start to erode, performance and security will rise to the same level as functional requirements in systems engineering. The secure-by-design movement is a big step in the right direction toward bringing both security and performance to center stage. As an industry we have made tremendous progress in the areas of performance and security, but as technology progresses, work needs to continue.

In 2025, watch for organizations of all types to show more commitment to DevSecOps and DevPerfOps – in other words, solid systems engineering without sacrificing non-functional requirements.

Application Security

Software applications and apps represent the “last mile” of security. Over 20 years ago, OWASP started tracking the Top 10 most critical security risks to web applications. Two items have remained persistent over those 20 years – cross-site scripting and SQL injection.

With all the advancements in software engineering, especially in the area of development tools, application security should be a priority. Software supply chains and their failures are more visible. This means applications will need to provide greater transparency about the source code contained, its origin, and known vulnerabilities. The software bill of materials (SBOM) will provide much needed visibility.

In 2025, the software supply chain, along with application security, will become a major discussion point among CISOs, CIOs, and CTOs.

Data

Data – it is seemingly all we talk about and if you listen to the hype, data is used. In reality, data is thinly used for actionable insights, reporting, and analysis. Our 2024 Futures Report revealed that 69% of global organizations make limited use of data for reporting, metrics, and analytics.

Data collection is everywhere, but how it is used is limited, as evidenced by the data we collected in our annual thought leadership research. Data has the potential to make an impact. With enough volume and refinement, data can lead to predictions. Predictions of adversarial attacks, predictions of system failures, predictions of events, and so on. The data needs to be integrated and not disparate. Just as organizations cannot survive in silos, data does best when it is working together and collaborating.

In 2025, watch for data silos to dissolve and data usability to become a focus.

True Mapping of the Attack Surface

The attack surface continues to expand. We continue to add diverse endpoints and new types of computing. As we add new computing, legacy computing is not retired – complexity and the attack surface continue to grow.

It is important to understand what the attack surface looks like visually. This sounds simple, but it is difficult to distill the complex into a simple representation.

In 2025, expect technology to emerge that can easily map the attack surface and correlate relevant threat intelligence to the mapping.

Looking Ahead

Without a doubt, 2024 was an exciting year. We learned a lot about our reliance on technology and our relationship with it.

Moving to 2025 is exhilarating and expansive.

Here’s to a year full of innovation!
