I previously shared my 2021 Year in Review – if you missed it, it’s now available as a blog article on our website. Today, we look ahead at IT and Information Security trends to watch and plan for in 2022.
It’s been said that the pandemic hasn’t necessarily created new trends, it’s simply “hit fast forward on a number of trends“. One of which is that screen time is up, a trailing indicator that was likely accelerated with a continuing number of businesses adopting Work From Home (WFH) and Work From Anywhere (WFA) flexible work space policies. The need to access resources and data from anywhere at any time has further accelerated cloud adoption.
With the end-of-support of Windows 7 in January 2020, most of our clients had undergone endpoint refresh projects through 2019, so other than the need to supplement some desktop computers with laptops for remote work, the need for end-points has been reasonably manageable, even given the supply chain issues created by the pandemic. However, looking ahead, Windows Server 2012 and 2012 R2 go end-of-support in October 2023. Therefore, many clients are entering 2022 with the need for server refresh projects. In fact, over 40% of all servers supported by Suite3 are v2012 R2 or older – it’s time to get to work.
However, with more and more services being moved to the cloud – Microsoft Exchange servers moving email services to Microsoft 365, and line-of-business applications moving from on-premise installs to clould-based software-as-a-service subscriptions, for example – the on-premise server count for many clients is reducing over time. In many cases, the need for servers can be eliminated completely, and a client’s environment can become “serverless”, with all services and security being controlled through cloud subscription services.
Unfortunately, while these migrations save the client from having to budget for large, capital expense (CapEx) driven server refresh projects, this results in the client needing to budget for expanded operating expenses (OpEx) as subscription costs will increase as a result. The cloud isn’t necessarily cheaper, because “there’s no such thing as the cloud – it’s just someone else’s computer”. Similarly, some devices formerly bought as capital expenses, such as a firewall, have shifted to an operating expense as centralized management for regular security updates is required.
As discussed in the 2021 year-in-review, vulnerability management to deal with new risks will continue in 2022. With rapid security changes that often result, an added pain point many will feel are the impacts those changes will have on older, legacy technologies. For example, following the “PrintNightmare” vulnerability, the “fix” provided by Microsoft caused many older, out-of-support printers, particularly items like specialty banking printers and large, multi-function copier/printer devices, to stop working correctly. As a result, all items, including peripherals, should be managed and replaced on a regular cycle to ensure continued support as updates occur in the future.
Also mentioned in our 2021 year-in-review is that the key to IT security is often to master what is in your control. Therefore, in that theme, we are planning to implement notifications that an email has originated from an external source on all Microsoft 365 email tenants under our management in early January for those who do not currently have this feature already in place. That’s one zero-cost best-practice approach to improve phishing email spotting and vigilance.
In general, for many clients, expanding their Information Security processes and procedures will dominate 2022. Many in regulated industries have well defined Information Security, Incident Response, Disaster Recovery, and Business Continuity Plans. However, more and more clients are dedicating time and effort not just to technology implementation and support, but also policies, procedures, and governance.
Finally, I hate to be the bearer of bad news, but buckle up for some price increases as the year progresses. We’ve seen inflation increase through Q4 of 2021, and some are predicting it’s going to get worse before it gets better. We’ve seen multiple increases in costs from our vendors, but have insulated our clients from most when we’ve been able, though our cloud backup solution did see a jump starting in January 2022. However, Microsoft has announced price increases starting in March, though the timing of the increases may vary client-to-client, and we don’t anticipate this will be the last increase of the year.
We understand the perception of feeling nickeled-and-dimed when it comes to IT expenses. I look at our own and often marvel how we used to do business and we didn’t have to pay for all these recurring IT and IT security expenses. However, those costs are balanced by the realization that 20 years ago, a refresh project would have been tens of thousands of dollars of on-premise equipment and licensing which is no longer needed. At the end of any regular five-year refresh cycle, it’s a wash.
Among the core values at Suite3 is Good Advice – “We will provide our clients honest advice for the most cost effective solution to their business needs”. Whether during the CapEx era of yesterday or the OpEx-heavy era of today, our goal is to provide value – that the right technologies and security solutions are provided to drive the business success of our clients. Your success is our success – in 2022 and beyond.
Dave DelVecchio, President – Suite3