Make the most of your security opportunity

Jan Shelly Brown

Partner, New Jersey

I like to think that 2022 was the year that security became one of the cool kids in tech. For years, security was treated as a blocker—albeit a critical one—that slowed progress to ensure security protocols were in place. In 2022, that changed, with companies making much greater commitments to modernizing their tech through moving to the cloud and rethinking the security role so it could act as a real enabler. Peering ahead to 2023, that trend will accelerate as security itself becomes much more automated, in part thanks to the investments cloud service providers (CSPs) are making in their own risk capabilities and tooling. Code that developers submit will automatically be scanned for cybersecurity issues and rejected unless it complies, while providing clear recommendations for what fixes to make. Because most security issues are the result of code and system misconfigurations, this process will radically reduce the number of security breaches at many large companies. At one large bank, for example, breaches dropped 70 to 80 percent after implementing security automation. The other benefit is simply the pace of development. With engineers able to submit code and update it based on automated feedback, the pace of development can increase as much as ten times. The key point isn’t that the cloud is more secure; it’s that moving to cloud provides companies with a huge opportunity to rethink their security posture. The other big shift we can expect is in the regulatory environment. As more heavily regulated industries such as banking and pharma move to the cloud, regulators themselves are rethinking what the pressure points are. They are already becoming more prescriptive about security and compliance standards and are thinking about other issues, such as the significant concentration risk. What if one of the big CSPs goes down and 30 banks with it? While there won’t likely be real answers to these new questions in 2023, we can expect to see the contours of new policy start to emerge.