Prevention is better than cure – 2024 security predictions

Security predictions for 2024

The security industry is heavily weighted to reacting to incidents once they have occurred, what if the industry could invest as much time in preventing the incident in the first place? Enter the fast-growing domain of security posture management. Today this can be achieved across different cloud instances (Azure, AWS and GCP) using products from a range of suppliers including Microsoft’s Defender for CSPM. However, it’s the future of measuring posture management that will get more interesting throughout 2024 as companies such as Microsoft expand the features and toolsets of their services (including 3rd parties) to include preventative controls and extensive exposure management scoring to lower everyone’s security risk profile. Expect to see new dashboards, across the board product integrations and naturally a splash of AI to bring it all to life. 

Password-less, finally? 

This is one I’ve been predicting for years and perhaps this time! There are several approaches which have enabled password-less in certain scenarios. Microsoft personal accounts (@outlook.com) have been able to be password-less for several years. And this year FIDO PassKeys helped to start making password-less approach for websites viable whilst being supported by all the major players. 

The prediction is that you will be able to create a user account within Entra Identity (once known as Azure AD) without having to set a password. Either Microsoft Authenticator (which itself is due updates this year) and / or Windows Hello for Business will allow for an account with no password to be registered. The year that passwords finally start to die off? 

Ultimate Secure Operating System 

This prediction will start to happen during 2024 though I suspect many more years before a common reality, but then these are predictions. Windows as a desktop operating system for home / office users will start to massively decline. In fact, by the time Windows 14 launches (!) there will be no local installation available. Instead, the OS will be hosted within Azure only as part of Windows 365. Home and office users will be able to access their Win365 image from anywhere and from any device with a full security stack always present on the remote OS under total control of the companies IT department. No more leaking data, lost laptops in Las Vegas (a laptop is stolen every minute in the USA) and unauthorised software being installed and company machines. 

Quorum Cyber has started this journey already with several analysts, engineers and directors using Windows 365 for remote / travel working, malware testing and code analysis to cite a few examples. Updates for this remote Windows service are due throughout 2024.