2024 Predictions from Teleport CEO Ev Kontsevoy

In 2024, I hope to see significant growth and renewed optimism in the tech sector. Personally, I’m looking forward to the year ahead with positivity as Teleport enters an important period and a packed pipeline of significant enhancements to the platform. These capabilities are increasingly critical to a threat landscape that is centered on attacking identity and exploiting human behavior.

Given the emerging concerns about AI's impact on security, escalating nation-state cyber aggression, and identity continuing to be a primary target for cyber breaches, 2024 could be a defining year in the identity and access space. Here’s what I think it has in store for us…

Engineering and security teams will partner to protect infrastructure from growing identity attacks

Historically, the approach companies took to security was very IT-centric, with dedicated security teams – like those responsible for network security – working to ensure the organization was secure. However, with the dissolution of the corporate perimeter, the increasing complexity of cloud computing, and a cybersecurity talent shortage, the role of security teams will change.

In 2024, with identity attacks on the rise, we’ll see the role of security teams shifting to those of consultants and auditors, with engineering teams responsible for choosing vendors and implementing security protocols. Cybersecurity teams will be responsible for policy and ensuring that workflows and systems meet security requirements.

Increasing frequency and cost of breaches as a result of human error will force organizations to adopt secretless access

2023 was a year defined by human error in costly security breaches –– according to Verizon’s 2023 Data Breach Investigations Report, the human element features in 74% of all breaches. Mistakes such as privilege misuse, accidental data exposure, and falling victim to social engineering attacks stem from various human factors and the critical consequences of compromising secrets. This has resulted in organizations embracing biometric hardware and identity verification, but attackers are no longer solely fixated on stealing passwords. They seek a range of secrets embedded within an organization's infrastructure, including browser cookies, private keys, API keys and session tokens. To keep up with the pace of threats, organizations will recognize they must move to fully secretless authentication in 2024 to secure the wider spectrum of sensitive access points still vulnerable to threats. As organizations look to eliminate their reliance on static secrets, the widespread adoption of secretless access in the coming year will create immunity to human error and significantly hamper threat actors' operations.

We will see more M&A activity that consolidates tool sprawl

The uptick in M&A activity within the cyber sector in 2023 (Palo Alto Networks acquiring Dig Security and Talon, Crowdstrike buying Bionic, Thoma Bravo’s merger of Forgerock and Ping Identity, etc.) is a compelling trend that will continue into 2024. This surge, although driven by the down market, addresses the fragmentation of cybersecurity solutions. Managing these tools and overseeing the sheer volume of software can be extremely overwhelming for today’s CISO. This complexity can lead to significant errors, overlapping functions, integration issues and increased operational overhead. To address these pressing needs for customers and eliminate these challenges, we’ll see more vendors in 2024 make strategic M&A moves to broaden their platforms.

The industry will see more regulatory pressure

So much of the world is now controlled by or through software. As a result, world-renowned cryptographic experts like Bruce Schneier have advocated for increased regulation, even going so far as to say we need to start regulating software the same way we do air space. While there is no silver bullet, and I don’t recommend we regulate all software like this, there are undoubtedly critical software systems comparable to airplanes in terms of potential damage. It’s no coincidence that Gartner predicts that 45% of CISOs will expand their remit beyond cybersecurity due to increasing regulatory pressure and attack surface expansion. Expect this trend to begin early this year and quickly snowball over the next five years.

As the threat landscape evolves and regulatory pressures mount, the ability of organizations to manage access controls across their entire infrastructure will determine their capability to scale operations quickly and capitalize on innovation. In 2024, those organizations that adopt the least privileged access principles and remove secrets from their security architecture will be best placed to do just that.

Closing thoughts

As we delve into the challenges and opportunities of 2024, it's evident that creating a secure and forward-thinking tech ecosystem is imperative. Addressing the evolving threat landscape and the critical role of identity and access management is essential for our digital future.

I invite you to watch the replay of our webinar "Modernizing Access to Mitigate Security Risk and Speed Threat Response." This session, featuring insights from Melinda Marks of Enterprise Strategy Group (ESG), Aleksandr Klizhentas, CTO of Teleport, and myself, focuses on the pressing security challenges companies currently face and the necessity of modern access architecture. Click here to watch: Modernizing Access to Mitigate Security Risk and Speed Threat Response.