By Eric Chien, Director of Security Response, Symantec Enterprise Division, Broadcom\n\nThis is a continuation of Broadcom\u2019s blog series: 2023 Tech Trends That Transform IT. Stay tuned for future blogs that dive into the technology behind these trends from more of Broadcom\u2019s industry-leading experts.\n\nIt is difficult to overestimate the impact Covid had on the future of work and IT technology.\n\nThe pandemic sent the workforce home and technology services followed them out the office door. There was little time to consider and mitigate against all the new security implications. That said, working from home is no different than a lot of other circumstances in business. Conditions change and infrastructure is often put together at warp speed to meet the immediate business need. In this case, it was an immediate need for many employees to work from home. But for many organizations, a modern security infrastructure was never put in place to support hundreds of thousands of employees accessing a business infrastructure from home. There was no time.\n\nCut to today: employees have spent nearly two years working from home (WFH), and a lot of them like the arrangement and don\u2019t want to return full-time to a physical office. Several major businesses now want to turn back the clock, but efforts to convince employees to return to the way things were, pre-pandemic, are proving to be challenging. Now that businesses can no longer pretend that WFH is going away, they know they must put the security infrastructure in place. They can no longer play catch up.\n\nManaging the risk of distributed trust\n\nBecause Covid opened a proverbial Pandora\u2019s Box on remote work and the permanence of a distributed workforce, organizations realize that they will need to manage risk even more carefully, and in new and more different ways, than they had to in the past.\n\nAdd to that, how and where technology services have moved (or are moving). For example, before back office software was purchased and installed on servers that were located inside an organization\u2019s office. That is not the case anymore. These services are now cloud-delivered by multiple vendors all around the world.\n\nDecentralized trust and the distributed workforce\n\nThe concept of decentralized trust fits hand-in-glove with the realities of a permanently distributed workforce. In a new, permanent remote workforce model, that \u201ctrust check\u201d will no longer be at the physical door. It will be everywhere. It will be decentralized, it will be distributed, and it will involve multiple vendors. The trust check will need to happen on the client side, from where and on what device the worker will login from.\n\nIdentity security will become even more critical in this new world of decentralized trust and distributed human and machine resources. As enterprises take on more and more cloud applications, cloud access security will also become more critical. The urgency to implement new security systems for both identity and cloud access will drive IT transformation and budgets in 2023.\n\nIdentity security and MFA\n\nThe first phase for many organizations will be modernizing identity security by moving beyond passwords to a passwordless future characterized by a form of multi-factor authentication (MFA) augmented by a biometric element, such as a thumbprint, facial recognition, or retina scan.\n\nThis is the critical first step as humans enabling access to malicious third parties are a key element of most data breaches. This was true pre-pandemic when most workers were office-based. Without more effective, decentralized identity security controls, it will become even more of a vulnerability in our distributed workforce future.\n\nIt is easy to see how powerful this trend will be in 2023. As according to one recent survey, only 26% of enterprises today have implemented any form of even basic MFA.\n\nVerifying assets via CASB\n\nWhile MFA is a good first step\u2014security professionals can \u201ctrust\u201d the user accessing sanctioned SaaS applications\u2014how do they make sure users are behaving normally and just doing their job? How do they ensure nothing is uploaded to the application that shouldn't be, and how do they make sure they have full visibility into transactions? That\u2019s why implementing some form of Cloud Access Security Broker (CASB) technology becomes critical to secure all remote, cloud-delivered assets.\n\nCASB will provide organizations with the tools they need to interject security policies as their cloud-based resources are accessed. In essence, CASB defines what decentralized trust is all about: in a future of distributed, cloud-delivered assets, it re-centralizes security controls. It will provide the other most critical component of the security model for the distributed workforce of the future.\n\nAs 2023 progresses and more workers remain remote, trust becomes even more distributed. Security professionals cannot remove the risk of distributed trust entirely\u2014bad things will happen\u2014but they can look at how to manage the risk of distributed trust and put plans in place to build resiliency across a distributed infrastructure.\n\nTo learn more about tech trends transforming IT in 2023, visit Broadcom\u2019s Trends 2023 blog.\n\nAbout Eric Chien:\n\nEric Chien leads a team of engineers and threat hunters that investigate and reverse-engineer the latest high-impact Internet security attacks. Via these attack techniques and trends, he develops and drives threat intelligence and novel security solutions to prevent and mitigate against the next big attack.