Looking back over the last year, the security landscape has continued to experience significant change and escalation. Every day, we see the toll this is taking on organizations of all sizes as they navigate the enduring challenges of the pandemic, the expansion of the digital estate, and the evolution of threats. As defenders ourselves, we understand the relentless commitment required to safeguard people and organizations in this environment. It is our mission to ensure security leaders have the tools and resources they need to succeed in this important work. To continually understand the priorities and concerns of our community, we run research with security leaders every six months. I wanted to share some of those insights with you, as you may find the information valuable in your work.
To begin, the top five challenges shown below, as reported by survey takers, are very consistent with what I’m hearing in my regular interactions with customers and partners.
The security leaders we talk to are feeling the pressure—
Cloud security has also been pushed into the forefront as security leaders adapt to the realities of the pandemic and the shift to hybrid work.3 The cloud represents significant opportunities for scale and agility. At the same time, cloud security technologies are evolving, and customers are looking for ways to simplify security across their entire portfolio.
Aligned to the top cybersecurity challenges, cloud security lands as
the top area of security investment over the next 12 months. For most
security leaders, this means prioritizing investments that help them
close gaps, protect workloads, and secure access to cloud resources.
Security leaders tell us this is an area in which they’re looking for
solutions that can help them tackle these challenges comprehensively—
Protecting data is fundamental to positive business outcomes, so it’s not a surprise that data security continues to rank high on the list of priorities among respondents. Hybrid work and the acceleration of digital transformation are massively expanding the amount of data that needs to be protected, amplifying the need for comprehensive data security. We predict that organizations of all sizes will need to continue to evolve their data security strategy to keep up with changes in the digital environment.
Following cloud and data security, we’re also hearing that decision-makers have increased interest in investing in vulnerability management and vulnerability assessment as they prioritize prevention initiatives. We are also seeing growing interest in emerging technologies like extended detection and response (XDR), IoT and operational technology (OT) security, and Secure Access Service Edge (SASE) solutions. With XDR, organizations can better detect and respond to threats across their complex ecosystems. Many organizations also use IoT and OT technologies and are looking for ways to close gaps in protection and address potential vulnerabilities. A SASE solution can help with providing secure access to resources at the edge, enabling more flexibility, visibility, and control.
As security leaders look to mitigate threats now and in the near
future, we’re seeing an increased focus on improving the prevention
capabilities of the highest growth threat vectors, such as cloud
security, access management, cloud workloads, hybrid work, and
ransomware. An overarching component of that transformation includes
increased attention on implementing Zero Trust—
Read our Evolving Zero Trust whitepaper to learn how real-world deployments and attacks are shaping the future of Zero Trust strategies.
As part of the shift to the cloud, security leaders tell us they are also interested in learning more about how posture management, access management, and workload protection tools fit into their cloud security strategy. And given the concerns around the rise of ransomware and securing remote or hybrid work, it’s not surprising to see them as a priority topic of interest.
Check out our ransomware blog posts to keep up to date on the latest ransomware insights from Microsoft Security researchers and product updates.
Read our recommendations on securing a new world of hybrid work.
Serving our customers is our primary job and so it’s probably not surprising that we measure the perception of security leadership for various vendors, including ourselves, in a blind survey. We asked security decision-makers which companies they saw as leading the way in the security industry. Despite so many established vendors, we were honored that Microsoft was ranked in the top three by survey takers with a substantial increase in overall perception in the last year, following several years of steady growth. We hear from customers that our end-to-end solution with broad multi-cloud and multi-platform coverage and deep, industry-recognized protection has been an approach that resonates. We always have more work to do, and I’m sharing this because we want you to know that the success and protection of our customers is at the heart of everything we do. It drives our priorities and is fundamental to our mission. We’re thrilled to know we’re on the right track and we don’t take your trust or your partnership for granted.
As the last couple of years have shown us, cybersecurity is a mission of great importance. It not only underpins the business resilience that enables your organization to thrive in times of uncertainty, but it’s also critical to the fight for digital safety for all. This isn’t something we can do alone. We must work together as a community, sharing insights and supporting each other, to defend against not only today’s attacks, but also be prepared for the threats of tomorrow. As part of our commitment to sharing insights and fostering cooperation among defenders, my colleague Rob Lefferts will be releasing a new quarterly report next month called CISO Insider, where we invite Chief Information Security Officers (CISOs) from around the globe to share their best practices and expertise.
For more information that can help you navigate the current challenges in the security landscape, check out the following resources:
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
1Fortinet Ransomware Survey Shows Many Organizations Unprepared, Fortinet. 29 September 2021.
2How cyberattacks are changing according to new Microsoft Digital Defense Report, Amy Hogan-Burney, Microsoft. 11 October 2021.
3New data from Microsoft shows how the pandemic is accelerating the digital transformation of cyber-security, Andrew Conway, Microsoft. 19 August 2020.