Cybersecurity Predictions for 2025: Platforms, Convergence and the Future of Risk Management – Source: securityboulevard.com

Hello, I’m Fernando Montenegro and I recently joined Futurum Research as Vice President and Practice Lead for Cybersecurity Research. You may have seen the video from my colleague Krista Case, so this is a bit of a complement to that. I also encourage you to check out our eBook. 

We want to highlight several crucial areas for the security landscape in 2025. First up is the discussion around security platforms. We emphasize that there’s a very nuanced discussion to be had about what actually is a platform and how you consume one. We typically think of a conversation as a dichotomy between platform versus best-of-breed, but we think that has actually evolved into a much more complex decision matrix. Besides choosing on functionality, pricing, etc., we argue that there are now at least three dimensions that people should consider. 

First one is do we buy it as a platform or as a point product? Do you consume it as a product and then you have to integrate it yourself or is it integrated into a platform? Which one evolves quickly? Which one gives you faster time to value? The second conversation is are you buying something that is best-of-breed versus “good enough”? Of course, we all want best-of-breed, but that comes at a cost. So how can organizations choose where they want to pay for a premium versus where “good enough” is, well, good enough? Lastly, you have the topic of how do you consume it? How do you deliver it? Is it something that you’re choosing to buy from a vendor directly? Or is it something that you are working with a service provider or a channel partner on? 

Each of these dimensions have pros and cons and you have to evaluate based on specific organizational requirements. We argue that as cybersecurity becomes much more strategic, these types of decisions become much more tied to an economic angle and we have to, frankly, just navigate what the economic trade-offs are between these choices. Another key area for us for 2025 is the evolution and the convergence of application security with cloud security. Now, cloud security best practice in general is encouraging us to use more automation and infrastructure as code as principles. And that by itself fits really well with how application security already works. Also, the developers that are typically outputting front-end code, HTML, CSS, JavaScript, or backend code, Go, Python, No, what have you. They are also very comfortable creating Kubernetes configurations in YAML or Helm charts or cloud formation templates with cloud formation or Terraform, etc. So it’s not that big of a jump to include those configurations into the software supply pipeline. This alignment is really interesting because it creates this proximity between consuming application security and cloud security functionality. 

That being said, this convergence is also interesting because we have to rethink how teams are structured, how responsibilities flow from one to another. So that’s another area that we’re looking at. The third area I want to highlight is the evolution of third-party risk management. We think that modern third-party risk management is much more about addressing both the business level risks as well as the technical risks across your value chain. So this includes evaluating, for example, security libraries or cloud posture or SaaS components that you’re using, as well as vendor reliability, financial liability, etc. The challenge here is how do you as an organization maintain this complex information set on first-party, second-party, third-party, fourth-party relationships. So it’s really interesting. 

One more point I want to mention before we wrap up, and that is that there are quite a few security areas that actually are very good at spanning multiple domains, if you will. We all talk about AI security, for example, as one of these. But that said, we think there are other areas. Ransomware response and protection, for example, is one of those. It’s not just an endpoint security issue, just like it’s not only a data security issue. It actually flows into a bigger conversation around risk management and cyber resilience. Also, secure access service edge (SASE) implementations, right? They themselves are interesting because they span from network security to cloud security, data security, and so on. All of these are really interesting areas that require us to look at them with different perspectives and from different lenses. 

As we look into these in 2025, we here at Futurum are paying very close attention to the needs of all the stakeholders in these areas. As I get to wrap up, I want to thank you very much for your attention, and I want to encourage you to do three things. First of all, if you can please review Krista Case’s video for some other cyberpredictions, please review our eBook for a complete set of predictions from cybersecurity and other areas. And also, I want you to stay connected with Futurum Research. There’s research we’re publishing throughout the year, Futurumgroup.com. I often like to say, I mean, there is never a dull day in the cybersecurity industry. So thank you very much for your time, and I wish you all a great day.