It’s a new year. And for most enterprises, that means new security challenges. But, if you ask our experts, it also means new and exciting opportunities to tackle those security challenges – and move the business forward.

This was the theme that emerged when we asked Avanade’s global security team to share their vision for 2020. Taken together, these 20 predictions provide a fresh, bold and sometimes daunting call to action: Security has to evolve in the months ahead – not just to keep the business safe, but to sustain innovation and growth, as well. From the workplace experience, to the cloud, to disruptive business models and hiring talent, digital transformation simply won’t happen without the right security approach in 2020. Read on to see why.

Identity and access management trends in 2020 

1. The rise of automation & AI in identity 
Identity governance is no longer a “set it and forget it” process. Good identity governance demands a series of ongoing checks and insights to ensure the right people - have the right access at the right time. I’m predicting the rise of automation and A.I. in the identity space, particularly for governance. These tools will enable enterprises to scale modern identity, efficiently and accurately, without exposing data or users in the multi-cloud world.  – Chris Richter, North America Security Lead  

2. Zero Trust will be the only viable approach
Most security experts agree the best, and perhaps only, security architecture capable of stopping the threats we face in 2020 is Zero Trust. That’s why, in 2020, CIOs will be intent on shepherding organizations away from “Trust, but Verify” to “Never Trust, Continuously Verify.”  Just because there is no known vulnerability in the code today, doesn’t mean there won’t be tomorrow. – Brandon Nolan, Director Security Consulting

3. We will get creative with identity and access management
It is no longer enough to architect IAM as we did five or 10 years ago. For example, when Avanade built a medical tumor board on Microsoft Teams for asynchronous participation across 2,600 locations and 34,000 providers, we needed to govern access and authorization for highly restricted private data, while maintaining a good experience. We did so with our partner Saviynt, an identity governance solution. This is just one story of thinking differently to solve a new breed of problems. Expect much more of this in 2020. – Brandon Nolan, Director Security Consulting

Security and the modern workplace experience trends in 2020

4. Security will enable a great workplace experience
Security has traditionally been seen as a blocker to the workplace experience. In 2020, this point of view will be a thing of the past, with security playing a pivotal role in improving and providing a modern, but secure, workplace experience. Key solutions will include passwordless single sign on (SSO), self-service for end users and zero trust to enable anywhere access on trusted devices. In this new model, the employee will be protected by default, transparently to their experience. - Jason Revill, Regional Security Lead UK 

5. Microsoft teams will help simplify security
With Microsoft Teams being the fastest growing business app in Microsoft’s history, enterprises are starting to focus on how to leverage it securely. The good news is that Teams enables new ways of working and new ways to secure it all at the same time, with much more simplicity and efficiency than before. Enterprises will start to work with confidence with Teams in 2020, leveraging its foundational options to protect data and users, while extending existing Office 365 infrastructure to strengthen overall security. - Breen McInerney, Secure Workplace Architect

 Cloud, IoT and edge security trends in 2020 

6. Cloud sprawl will drive the demand for consistency
As multi-cloud and DevOps become more prevalent, cloud security sprawl, misconfiguration and inconsistency will get worse.  That’s why Security Controls will be front and center for many security teams in 2020. The focus will be ensuring information security policies and standards have evolved for the modern world of IT and digital delivery. Security teams will support and enable those benefits for the business, while also protecting the business from cloud-based risks such as misconfiguration, inconsistent delivery standards and non-integrated security systems. - Jason Revill, Regional Security Lead UK 

7. IoT security will start to be solved
The vast majority of off-the-shelf IoT solutions are poorly secured and easy pickings for bad actors – with an estimated 105 million attacks on IoT devices attempting to exploit default settings, or out of date devices in the first half of 2019 alone, according to Kaspersky. That’s why the big trend for IoT security in 2020 will be “standards, standards, standards.” We will see more native security in off-the-shelf IoT devices, with highly secure platforms like Azure Sphere being designed into more consumer devices, and IoT plug and play kicking off in a big way with many more Microsoft certified sensors and devices. - Fergus Kidd, Emerging Technology Engineer

8. Enterprises will re-evaluate security in the cloud
With threats evolving faster than IT’s ability to adopt new technologies and evaluate security features, 2020 will be the year businesses are forced to focus on understanding their true cloud security maturity. Those who fail to act will be faced with a harsh reality: They aren’t as safe in the cloud as they thought. - Brad Gephart, Global Offerings Lead for Modern Workplace 

AI, blockchain and quantum security trends in 2020 

9. AI will become the norm for security, not the exception

AI and machine learning, already present today, will soon become the norm in how we protect our businesses and ourselves. These tools will help protect us against increasingly sophisticated bad actors and even the potential for AI-based malicious activities. I predict that very soon, AI will be viewed as a key component of how we approach security, if done appropriately. Humans will just not be able to keep up without the assistance of technology. - Bob Bruns, Avanade CISO

10. We will worry about quantum encryption
While huge gains are being made in the area, we are yet to fundamentally prove a useful quantum computer (QC) is possible. In terms of security, however, we have to assume that QCs are coming, and that someone else will have one first. Why? A single viable Quantum computer will so fundamentally change our approach to encryption and security that it would be completely foolish to ignore it now. - Fergus Kidd, Emerging Technology Engineer 

11. Blockchain will find a niche in security
Blockchain really only makes sense in a few niche scenarios. These scenarios almost always involve a situation where data transactions are shared by multiple sources who don’t trust each other. In 2020, CIOs should have trust in the back of their mind when dealing with innovative security measures around shared data and have blockchain at the ready as a tool at their disposal. In my opinion, they should not, however, be looking to implement blockchain into their organisations “for the sake of it,” as a new emerging technology. The tool here must suit the job. - Fergus Kidd, Emerging Technology Engineer 

12. Blockchain will lead to “coopetition”
2020 is the year Blockchain leaves the proving grounds and is seen as a mature enterprise grade technology. This means organizations will have to adopt a “coopetition” mind-set, figuring out how to form groups, consortiums and partnerships to make the most of this technology. Fast-movers like Starbucks are already using Blockchain to track coffee from bean to cup, reaping benefits in terms of corporate social responsibility, as well as efficiency. How can you take advantage? Counter-intuitively, figure out where you and your competitors share a common goal. - Chris Lloyd-Jones, Emerging Technology Product & Engineering Lead

13. Quantum practicality begins
As we enter 2020, we’re seeing plenty of announcements, FUD and chatter around Quantum. We’re all focussed on understanding, frankly, is this real, and should we care? Well, 2020 is when business begin to reap the first benefits of Quantum Computing. This doesn’t mean the failure of banking encryption, or that our laptops and cloud investments are now obsolete. However – we’re now learning how to apply quantum techniques, or “Quantum Inspired Optimization” to solve hard problems for everyone’s benefit.  True quantum computing may be some years away – but for your organisation, focus on optimisation problems, and begin to reap real benefits. - Chris Lloyd-Jones, Emerging Technology Product & Engineering Lead

14. The AI arms race goes to the edge
In 2020, the industry will need to adapt to artificial intelligence (AI) on the edge – devices running away from home base, which can then be compromised or fed faulty data. AI in 2020 will be used by the CIO to drive automation in line-of-business processes, from claims processing and administration, to realising efficiencies and empowering new business models. These gains will be tempered as a realization quickly hits that data is fluid within an organisation, not well secured or locked down, leaving us searching for a single source of truth. - Chris Lloyd-Jones, Emerging Technology Product & Engineering Lead

Security operations and talent trends in 2020 

15. Security will be treated more as a people problem 
With 51% of executives saying the biggest security threats are coming from inside the organization, security will primarily be a “people problem” in 2020. While some internal threats are caused by malicious actors, they are more likely due to human error, lack of understanding or gaps in training. As we enter 2020, security leaders will prioritize the need to raise awareness and educate users, from the C-suite down. In fact, security awareness is listed as the top 2020 priority for 65% of enterprises, according to Cyber Security Hub. - Chris Miller, Global Security Practice Lead

16. The rise of intelligent security operations
As cybersecurity attacks grow in volume and complexity, today’s security operations professionals will increasingly be putting their faith in artificial intelligence (AI) to overcome legacy limitations and stay ahead of threats. The conversation will evolve toward modern intelligent SOC 2.0 - leveraging AI, machine learning (ML), automation and adaptive tools to manage security events and information. - Anand A. Manoharan, Security Consulting Director

17. Security skills gaps will drive new approaches to partnerships
At the pace technology moves to address today’s ever-evolving security concerns, CIOs are going to have to look beyond traditional talent pools to fill the gaps. I predict we will see a growing shift to co-creation between professional services and the business, where we will have the right people working together, architecting the right solution. - Brandon Nolan, Director Security Consulting 

18. Managed security services goes holistic
With enterprises adopting a hybrid cloud footprint, the CISO’s major worry will be how to secure and manage both on- and off-premises workloads effectively. In 2020, the approach will evolve from managing application security and identities, to managing the whole threat landscape of the enterprise, with new capabilities devised in AI, machine learning and automation. These advanced tools will break into a new generation of threat intelligence and pro-active threat hunting. - Anand A. Manoharan, Security Consulting Director

19. More outsourcing of managed security services
The number of job postings for security in the last two years has grown 500 percent. In such a competitive environment, it will be tough for businesses to find good tech talent, especially in managed security services (MSS). I predict there will be more outsourcing of MSS in high-tier enterprises, by creating a partial team of external MSS within internal structures. Meanwhile, the mid- to small-tier organizations will still need to outsource to manage cost efficiency, speed remediation and balance skills shortages. - Rajiv Sagar, Apps & Infrastructure Lead

20. Keeping it simple will be key
One in four attacks in 2020 will involve the Internet of Things, according to Gartner. Enterprises will have stats like this in mind as multi-cloud and hybrid-cloud initiatives create even more scale and complexity to deal with in the months ahead. That’s why I predict simplicity to be a key security trend in 2020. Security professionals will prioritize consolidation, integration and intelligence, to bring more visibility, control and efficiency to their security management and operations. - Chris Miller, Global Security Practice Lead


Find out how Avanade can help you secure the enterprise.