This year, we’ve seen AI introducing new threats and amplifying existing risks, machine identity lifespans shrinking, and the provenance of code coming under increased scrutiny. These cybersecurity trends will continue to evolve rapidly. We will also see cloud-driven developments, such as platform teams taking a bigger role in cybersecurity, and greater recognition of open source innovation and “know your code” efforts. As a result, SPIFFE will move toward ubiquity, and machine identity and access management will continue to push down to the workload level.
AI continues to garner the bulk of mindshare. In 2023, organizations rapidly embraced the promise of AI innovation. However, as they have begun to experiment with applying AI to new use cases, they have encountered a slew of new threats and amplified risks. And AI will continue to be a major cybersecurity focus in 2024.
According to Kevin Bocek, VP of ecosystem and community at Venafi, “New threats – such as AI poisoning and model escape – have started to emerge while massive waves of generative AI code are being used by developers and novices in ways still to be understood. And on top of this, AI and machine learning run on cloud native infrastructure, making the use of technologies like Kubernetes an even bigger target for attackers. These issues will have a major impact on security in 2024 and beyond if they aren’t addressed.”
To learn more about where these trends will take us, we polled a variety of machine identity and cybersecurity experts on what to expect in the coming year. Here are the 2024 predictions we found most compelling:
Kevin Bocek, VP of Ecosystem and Community at Venafi
In 2024, the “1000x developer” combined with the “1000x hacker” will create the perfect storm for breaches
The gathering momentum behind the ‘1000x developer’ movement – whereby developers will become a thousand times more productive with the power of AI – will magnify security challenges in the year ahead. Despite fostering innovation, the rapid pace and intricate nature of securing modern environments pose daunting challenges. According to Venafi research, 75% of IT and security leaders recognize the emergence of new security blind spots due to the speed and complexity of Kubernetes and containers. Fifty-nine percent have already encountered security issues in such environments, making it difficult for security teams to know where code has come from or implement best practices. Throughout computer science history, scenarios that favor speed over security haven’t ended well.
Complicating matters is the ascent of the '1000x hacker' – AI-enabled attackers who are equally productive and powerful. To combat this, the notion of a 'cyber skills gap' will dissolve, as organizations can't feasibly hire 1000 cyber pros to compete with these threats. The solution lies in embracing the power of automation operating at machine speed. To match the 1000x developer and hacker, we need the '1000x CISO' and '1000x security architect', so the challenge for CISOs in 2024 will be how they can adapt and change.
Outages will double as machine identity lifespans shrink
In 2024, shorter machine identity lifespans will reduce security risk, but also create more chaos as outages double or even triple. Google has already announced intentions to reduce publicly trusted TLS certificate lifespans to 90 days – a crucial step to hampering cybercriminals looking to misuse identities. However, most organizations aren't prepared for this. We’ve seen the impact of certificate-related outages recently, with entire payment systems going down, leaving people unable to refuel their car or buy groceries. As certificate identity lifespans decrease, this will become much more common, unless organizations automate machine identity management.
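To make the renewal arithmetic behind that prediction concrete, here is an added Go example (editor's illustration, not code from the page or from Venafi) that applies the renew-when-less-than-a-third-of-validity-remains convention ACME clients follow to an inventory of PEM certificates. The certificates, subject names and reference date are constructed for the example; in practice the inventory would be fed with certificates exported from the estate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// RenewalStatus is the verdict for one certificate under the renewal policy.
type RenewalStatus struct {
	Subject      string
	Lifetime     time.Duration
	Remaining    time.Duration
	NeedsRenewal bool
	Expired      bool
}

// CheckRenewal parses one PEM certificate and applies the policy ACME clients
// follow by convention: renew once less than a third of the validity window is
// left. For a 90-day certificate that opens the renewal window on day 60.
func CheckRenewal(pemBytes []byte, now time.Time) (RenewalStatus, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return RenewalStatus{}, fmt.Errorf("no CERTIFICATE block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return RenewalStatus{}, err
	}
	lifetime := cert.NotAfter.Sub(cert.NotBefore)
	remaining := cert.NotAfter.Sub(now)
	return RenewalStatus{
		Subject:      cert.Subject.CommonName,
		Lifetime:     lifetime,
		Remaining:    remaining,
		Expired:      remaining <= 0,
		NeedsRenewal: remaining < lifetime/3,
	}, nil
}

// DueForRenewal runs CheckRenewal over an inventory and returns the subjects
// that must be renewed now; already-expired certificates are included, since
// each of those is an outage in progress.
func DueForRenewal(inventory [][]byte, now time.Time) ([]string, error) {
	var due []string
	for _, p := range inventory {
		st, err := CheckRenewal(p, now)
		if err != nil {
			return nil, err
		}
		if st.NeedsRenewal {
			due = append(due, st.Subject)
		}
	}
	return due, nil
}

// selfSignedPEM builds a constructed test certificate with the given validity
// window; it stands in for certificates exported from a real inventory.
func selfSignedPEM(cn string, notBefore time.Time, validFor time.Duration) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(validFor),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	// Constructed inventory checked against a fixed reference date.
	now := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	day := 24 * time.Hour
	inventory := [][]byte{
		selfSignedPEM("api.example.com", now.Add(-10*day), 90*day),   // 80 days left
		selfSignedPEM("pay.example.com", now.Add(-70*day), 90*day),   // 20 days left
		selfSignedPEM("old.example.com", now.Add(-400*day), 365*day), // expired 35 days ago
	}
	due, err := DueForRenewal(inventory, now)
	if err != nil {
		panic(err)
	}
	fmt.Println("due for renewal:", due)
}
```

With 90-day lifetimes the renewal window opens on day 60 and closes on day 90, so a monthly manual cycle cannot keep up; the expired entry in the sample is reported as due as well because it is already an outage, not a future one.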
Matt Barker, Global Head of Cloud Native Services at Venafi
Security will continue to become more developer-led in 2024
In 2024, we’ll see platform engineering take the next step into security. The DevOps movement focused on breaking down the barriers between developer and operations teams, with an outcome of speed and ease rather than security. As DevOps was adopted as part of an evolution into platform engineering, we’re now seeing security guardrails being applied to toolchains and workflows to reduce risk. Now we’re starting to see the next phase, with platform engineers getting even more focused on creating developer-friendly solutions with robust security built in. This will enable developers to build or scale products and features both rapidly, and more securely.
Next year, the EU Cyber Resilience Act will have to be amended to protect open source innovation
Next year, the EU will be forced to amend the Cyber Resilience Act, as it’s unworkable in its current form. The Act’s wording around liability for data breaches and open source is worrying. In theory, if a 16-year-old developer writing open source code merely accepts a coffee as a reward for their contribution, they could be held to account if a large organization using their code is breached. This is an extreme example, but there must be more clarity in the Act’s language around liability. Otherwise, people writing open source code in the EU could down tools, as the stakes are simply too high.
2024 will be the year of ‘Know Your Code’ as regulators sharpen focus
Over the last few years, we’ve seen multiple attacks on vulnerable code. Now that AI is being used to generate code, establishing where that code has come from is harder than ever before. As a result, legislators have responded, issuing regulations – such as Biden’s SBOM Executive Order – that have brought the provenance of code into sharp focus. As we move into 2024, we will see an increased focus on ‘Know Your Code’, where organizations will need to establish and verify the provenance of the code they are using. Those who fail to do so will soon find themselves at risk not only from attacks, but also regulatory fines.
2024 will see an increase in the commercialization of vendor-led open source projects
Tough market conditions have led many vendors, such as HashiCorp and Docker, to more aggressively commercialize their open source projects through license changes and updates to their business models. This growing trend means organizations that are heavily reliant on vendor-led open source projects will need to consider the impact this might have on their operating models. This could drive more robust assessments of the open source projects being used throughout businesses, and a move towards those projects protected by a foundation like the CNCF.
Shivajee Samdarshi, Chief Product Officer at Venafi
AI will take election hacking to another level in 2024
With major elections in the US, UK, and India coinciding with the mass adoption of Generative AI, we are likely to see AI supercharging election interference in 2024. From the creation of convincing deepfakes, to an increase of targeted misinformation, the concept of trust, identity and democracy itself will be under the microscope. This will put even greater onus on individuals to scrutinize and make informed decisions and on media platforms to root out false content.
2024 will be the year of the AI poisoning attack
In 2024, AI poisoning attacks will become the new software supply chain attacks. Such attacks will be characterized by threat actors targeting the ingress and egress data pipelines, to manipulate data and poison AI models and the outputs they produce. With AI being used across a wide variety of business-critical workloads – potentially with very little oversight – maintaining the integrity of such systems needs to be of paramount concern. Small tweaks to AI inputs can change outputs dramatically – either immediately or slowly over a long period. So, any data being fed to AI must be secured. This means establishing the provenance of data and using technologies like code signing to secure it.
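The provenance controls called for in the ‘Know Your Code’ prediction above and in this one have the same shape: hash what you ingest, sign the list of hashes at the source, and refuse to consume anything that does not match. Here is an added Go example (editor's illustration, not code from the page or from Venafi) that builds, signs and verifies a dataset manifest with Ed25519. The records, file names and producer key pair are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// BuildManifest hashes every record of a training set and lists them in a
// canonical form (sorted names, "<sha256>  <name>" per line) so that the
// small manifest, rather than the bulky data, is what gets signed.
func BuildManifest(records map[string][]byte) []byte {
	names := make([]string, 0, len(records))
	for n := range records {
		names = append(names, n)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, n := range names {
		sum := sha256.Sum256(records[n])
		fmt.Fprintf(&b, "%s  %s\n", hex.EncodeToString(sum[:]), n)
	}
	return []byte(b.String())
}

// SignManifest is the producer-side step, run once when the dataset is published.
func SignManifest(priv ed25519.PrivateKey, manifest []byte) []byte {
	return ed25519.Sign(priv, manifest)
}

// VerifyDataset is the consumer-side gate run before any record reaches the
// training or inference pipeline: it checks the manifest signature, then
// recomputes every hash and reports records that were altered, dropped or
// slipped in since the producer signed.
func VerifyDataset(pub ed25519.PublicKey, manifest, sig []byte, records map[string][]byte) error {
	if !ed25519.Verify(pub, manifest, sig) {
		return errors.New("manifest signature invalid: wrong producer key or tampered manifest")
	}
	expected := map[string]string{}
	for _, line := range strings.Split(string(manifest), "\n") {
		if line == "" {
			continue
		}
		parts := strings.SplitN(line, "  ", 2)
		if len(parts) != 2 {
			return fmt.Errorf("malformed manifest line %q", line)
		}
		expected[parts[1]] = parts[0]
	}
	var problems []string
	for name, want := range expected {
		data, ok := records[name]
		if !ok {
			problems = append(problems, "missing: "+name)
			continue
		}
		sum := sha256.Sum256(data)
		if hex.EncodeToString(sum[:]) != want {
			problems = append(problems, "altered: "+name)
		}
	}
	for name := range records {
		if _, ok := expected[name]; !ok {
			problems = append(problems, "unlisted: "+name)
		}
	}
	if len(problems) > 0 {
		sort.Strings(problems)
		return fmt.Errorf("dataset integrity failure: %s", strings.Join(problems, "; "))
	}
	return nil
}

func main() {
	// Constructed sample: a tiny labelled dataset and a producer key pair.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	records := map[string][]byte{
		"0001.txt": []byte("transfer approved\tlabel=benign"),
		"0002.txt": []byte("wire to unknown account\tlabel=fraud"),
	}
	manifest := BuildManifest(records)
	sig := SignManifest(priv, manifest)
	fmt.Println("clean dataset:", VerifyDataset(pub, manifest, sig, records))

	// A poisoning attempt flips one label downstream of the producer.
	records["0002.txt"] = []byte("wire to unknown account\tlabel=benign")
	fmt.Println("poisoned dataset:", VerifyDataset(pub, manifest, sig, records))
}
```

The check catches anything changed after the producer signed, including a single flipped label planted by someone with write access to the data store, and it binds the data to a key rather than to a promise. It says nothing about data the producer poisoned before signing, so it complements, rather than replaces, scrutiny of where the producer sourced the data.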
SPIFFE will go mainstream in 2024 to help tackle the multi-cloud identity challenge
As cloud native matures and businesses develop their multi-cloud strategies, SPIFFE – the identity framework for applications and services to securely communicate with each other – will become mainstream in 2024. We’ve already seen major cloud providers building SPIFFE and a workload-centric approach to machine identity management into their platforms, which is a good indicator of where the industry is heading.
Sitaram Iyer, Senior Director of Cloud Native Solutions at Venafi
As organizations grapple with scaling security and governance across trust boundaries, machine identity and access management will shift to the workload level in 2024
Venafi research shows 76% of IT and security leaders believe we are heading towards a cloud reckoning in terms of costs and security. Many organizations started their journey with a single cloud provider, requiring them to manage identity and access only within that single environment. However, 69% acknowledge that when moving to the cloud, they dragged a lot of old security problems with them. As maturity has increased, organizations have begun using the cloud in a more distributed way across multiple trust boundaries, all containing identities that need to be managed. However, these identities no longer extend beyond that environment without some kind of federation.
The challenge in 2024 will be ensuring security controls work across environments and can be governed consistently. This necessitates a strategic shift to a more agnostic, distributed way of managing machine identities and controlling access, achievable only through authenticating identity and access at a workload level. As a result, the adoption of federated identities, such as SPIFFE machine identities, will rise. This will enable organizations to utilize existing Public Key Infrastructure for strong encryption across workloads, irrespective of where they run. Extending existing PKI infrastructure to workload identities will also see policy controls getting more granular and local to the workload.
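To show what federated SPIFFE identities look like at the workload level, for this prediction and for the earlier one on SPIFFE going mainstream, here is an added Go example (editor's illustration, not code from the page, from Venafi or from the SPIFFE project) using only the standard library: two trust domains each with its own CA, a verifier holding its local bundle plus one federated bundle, and an authorization check that picks the bundle from the trust domain in the peer's SPIFFE ID before validating the chain. The trust domain names, SPIFFE IDs and CAs are constructed for the example; a real deployment would obtain bundles and SVIDs from the SPIFFE Workload API instead of minting them in-process.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// TrustDomainBundles maps a SPIFFE trust domain to the CA certificates allowed
// to sign its SVIDs: the verifier's own domain holds the local bundle, every
// other entry is a federated bundle obtained from that domain.
type TrustDomainBundles map[string]*x509.CertPool

// Add registers one CA certificate for a trust domain.
func (b TrustDomainBundles) Add(domain string, ca *x509.Certificate) {
	if b[domain] == nil {
		b[domain] = x509.NewCertPool()
	}
	b[domain].AddCert(ca)
}

// spiffeID returns the single spiffe:// URI SAN an X509-SVID must carry.
func spiffeID(cert *x509.Certificate) (*url.URL, error) {
	if len(cert.URIs) != 1 || cert.URIs[0].Scheme != "spiffe" || cert.URIs[0].Host == "" {
		return nil, errors.New("not an X509-SVID: expected exactly one spiffe:// URI SAN")
	}
	return cert.URIs[0], nil
}

// AuthorizeWorkload is the workload-level check: read the peer's SPIFFE ID,
// verify the SVID against the bundle of the trust domain named in that ID
// (never against one global root), and only then consult the allow-list.
// It returns the authenticated ID on success.
func AuthorizeWorkload(bundles TrustDomainBundles, svid *x509.Certificate, allowed []string, now time.Time) (string, error) {
	id, err := spiffeID(svid)
	if err != nil {
		return "", err
	}
	roots, ok := bundles[id.Host]
	if !ok {
		return "", fmt.Errorf("trust domain %q is not federated with this verifier", id.Host)
	}
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := svid.Verify(opts); err != nil {
		return "", fmt.Errorf("SVID for %s does not chain to the %s bundle: %w", id, id.Host, err)
	}
	for _, a := range allowed {
		if a == id.String() {
			return id.String(), nil
		}
	}
	return "", fmt.Errorf("%s authenticated but not on the allow-list", id)
}

// mint is a constructed stand-in for a SPIRE server or any other PKI: with a
// nil parent it creates a trust-domain CA, otherwise a one-hour X509-SVID
// carrying id, signed by parent.
func mint(parent *x509.Certificate, parentKey *ecdsa.PrivateKey, id string, now time.Time) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: now.Add(-time.Minute), NotAfter: now.Add(time.Hour)}
	if parent == nil {
		tmpl.Subject = pkix.Name{CommonName: "CA for " + id}
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	} else {
		u, _ := url.Parse(id)
		tmpl.URIs = []*url.URL{u}
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func main() {
	now := time.Now()
	partnerCA, partnerKey := mint(nil, nil, "partner.example.com", now)
	rogueCA, rogueKey := mint(nil, nil, "rogue.example.net", now)
	bundles := TrustDomainBundles{}
	bundles.Add("partner.example.com", partnerCA) // federated bundle; rogue is not federated
	allowed := []string{"spiffe://partner.example.com/ns/billing/sa/invoicer"}
	genuine, _ := mint(partnerCA, partnerKey, allowed[0], now)
	forged, _ := mint(rogueCA, rogueKey, allowed[0], now) // same ID, wrong issuer
	for _, svid := range []*x509.Certificate{genuine, forged} {
		fmt.Println(AuthorizeWorkload(bundles, svid, allowed, now))
	}
}
```

The ordering is the point: the trust domain is taken from the certificate's own URI SAN, so a certificate issued by a CA that is not in that domain's bundle fails even though it carries a correct-looking ID, and a domain with no bundle fails before any chain building. Authorization against the ID happens only after authentication, which keeps "who issued this" and "what may this workload do" as separate, independently governed decisions.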