As organizations become less centralized they face new security challenges that require new ways of addressing threats that will change the basic fabric of network security, according to Gartner analysts.\nA persistent challenge adapting to these changes is the skills gap--finding IT pros with the technical know-how to meet evolving security issues, Peter Firstbrook, Gartner vice president and anayst told attendees at Gartner IT Symposium\/Xpo 2021 Americas.\n\n\u201cCybersecurity teams are being asked to secure countless forms of digital transformation and other new technologies, and if they don\u2019t have those skilled practitioners they move toward managed or cloud-delivered services where they might not have as much control as they\u2019d like,\u201d Firstbrook said.\nAt the same time, attackers are becoming more persistent, with ransomware attacks and corporate phishing exploding. These adversaries are also becoming more professional, offering cyber attacks as a service, which lowers the barriers to becoming an attacker and greatly increases their number, Firstbrook said.\nWith that as a backdrop, Gartner detailed what its research shows are the top eight trends in security and risk management.\nRemote\/hybrid work is the new normal\nThe percentage of remote or hybrid workers will increase 30% over next couple years, which will lead to organizations hiring skilled workers regardless of where they live, which could be a business advantage, Firstbrook said. But this new workforce brings new sets of security challenges. On-prem security tools and hardware will no longer be practical or sufficient, promoting a shift to security in the cloud, which gives organizations visibility and control regardless of where the endpoint is, Firstbrook said.\u00a0\nCyber-security mesh architecture\nThe use of an overarching cybersecurity mesh architecture (CSMA) that will let distributed enterprises deploy and extend security where it\u2019s most needed was also among Gartner\u2019s top technology trends for 2022. Gartner said the CSMA is a composable approach to security that will bring integrated tools with common interfaces and APIs into the security process as well as\u00a0 centralized management, analytics, and intelligence about what is going on across the enterprise. It can also push out policies to users and services that are being accessed.\u00a0\n\u201cDistributed organizations will need to rethink their security architecture,\u201d Firstbrook said. \u201cMany companies are still focused on LAN or network centric security, and they need to break out of that mold and make security much more composable and locate security where the asset is." Siloed security doesn\u2019t work any more either. Companies can\u2019t have email security separate from Office 365 security, for example, so much more integrated controls are needed, he said.\nSecurity product consolidation\nGartner research shows that in the next three years, 80% of IT organizations plan to adopt strategies to consolidatate their security vendors, Firstbrook said. Those plans aren\u2019t to lower costs but to improve their risk posture and reduce the time it takes to respond to incidents. In Gartner\u2019s 2020 CISO Effectiveness Survey, 78% of CISOs said they had 16 or more tools in their cybersecurity vendor portfolio and 12% have 46 or more. Too many security vendors results in complex security operations. Going forward Gartner recommends organizations set a guiding principle for the acquisition of new products and develop metrics to measure a consolation strategy. Start with easy consolidation targets and be patient, Firstbrook said, as it takes three to five years for large organizations to to effectively consolidate.\nIdentity-first security\nIdentity control is now imperative, Firstbrook said, so organizations must invest in the technology and skills for modern identity and access management. Organizations can no longer define their nework perimeter as where their assets meet a public network, Firstbrook said. Now 80% of corporate traffic doesn't go over the corporate LAN, and many times companies don\u2019t own the underlying infrastructure. The only thing they do own is identity, but that is where adversaries are looking to attack, he said. Companies need to treat identity policy, process, and monitoring as comprehensively as traditional LAN controls. They also need to focus on the remote worker and cloud computing, Firstbrook said.\u00a0\nMachine-identity management\nClosely related to identity-first security is the ability to control access from machines such as IoT devices and other connected equipment. Firstbrook recommended organizations establish a machine-identity management program to assess the different tools that might handle the task in their particular environments.\nBreach and attack simulation (BAS) tools\nTools are coming to market that let enterprises simulate attacks and breaches in order to assess their network-defenses. The results can reveal choke points and paths where attackers might move laterally across the enterprise. After the enterprise has addressed these weaknesses, retesting can demonstrate whether the fixes are effective.\nPrivacy-enhancing computation\nPrivacy-enhancing computation (PEC) techniques are emerging that protect data while it\u2019s being used as opposed to when it\u2019s at rest or in motion. This can enable secure data processing, sharing, cross-border transfers, and analytics, even in untrusted environments. One such PEC technique is homomorphic encryption, which allows performing computation on the data without decrypting it. Firstbrook said organizations should start investigating PEC products to determine the right technologies for their particular use cases.\nBoards are adding cybersecurity\nBoards are hiring risk-assessment experts to help them evaluate threats at a corporate, level, so CISOs shoud try to optimize network security in a business context.