Over the holidays and during the first few days of the new year, I’ve had several people in my life approach me and ask, “What are your thoughts on the new year? How do you think things will change for us over the course of 2022?”

These questions, and others like them, got my mind rolling and I started to think of answers from a variety of perspectives. Whether it’s in our personal lives or in our professional lives, if there’s one thing we’ve learned from the last two years, it’s that changes are coming and there’s really nothing we can do to stop them or even slow them down.

From an IT perspective, the world I’m in day-in and day-out, I’ve had a few recent thoughts that I’ve developed into the following list of predictions. You could say that these are the things I think will (or could) happen in 2022:

• We will see more security tool consolidation. We will see more single-tool players rolled up into larger security suites trying to create a single platform that addresses security risks from 360 degrees. There will be more marketing and early, Version 1 solutions, providing a glimpse of where security investments are going to match the creativeness of the bad actors. This will come on the back the realization that there are too many tools that overlap and leave gaps that open their customers to exposure.
  
• We will start to see the SMB security discussion turn away from trying to fund their own security infrastructure, realizing that the nature of the risk means they cannot be an island unto themselves as it relates to security. As a result, they will see pricing spiraling beyond what they can reasonably afford. The answer will be the idea of being part of a collective that share the security costs to bring the best tools to SMB to meet the risk at prices that fit the budget. Very early stages stuff.
  
• We will see herd mentality come to security and the smart vendors will work out how to provide an umbrella over SMB in a way that gives them access to the higher end tools they need with outsourced support to run them efficiently.
  
• The next evolution of larger companies forcing security and compliance standards down on their vendors and partners will be talked about and begin to take shape. While audits and assessments are tied to requirements to be an approved vendor to some level today, I think the idea of point-in-time security audits and exams will not be seen as sufficient to mitigate the 24/7 security risk from some of the more sophisticated bad actors in the world today.
  
• Evergreen audits and the idea multi-tenant platforms that allow large players to have some real time visibility into vendor compliance and the ongoing maturity of their security operations will become more prevalent. These Compliance Chains, where big players have some visibility into the actions of the security actions and gaps of their vendors, will be a condition of doing business. Security vendors will jockey to be the platform of choice, which will lead to more consolidation. Eventually, every regulated industry will have to accept this as the new normal in the fight to protect client/patient data.
  
• Security platform vendors will spend the money necessary to flesh out their platforms and look to develop multi-tenancy to become the defacto standard for a major player so they have inroads into their vendors and suppliers.  

As you can see, I have some definite opinions and thoughts on what I think will happen and change in the next 350+ days in 2022. I’m sure some of them may not exactly happen this year, but I’m confident we’ll see these trends start to pop up over the course of the next little while. I could be wrong… maybe I’m spot on. That’s the beauty of predictions. Who knows what’s really going to happen this year? I guess time will tell.