I was fortunate enough to be asked to make a presentation last week on where I think IT security will be at the end of the decade – and, whilst I was tempted to make my own predictions, I realised it was far better to let the captains of industry I have interviewed/observed in recent months make their own predictions.
One person I have a lot of respect for in this regard is Rik Ferguson, Trend Micro’s Global VP of Security Research, who I spoke to at the Infosecurity Show back in April on this topic.
The pace of technology never slows down, he told me, adding that one of security projects he is involved in is working with Europol – under the auspices of the ICSPA (International Cyber Security Protection Alliance) – and called Cybercrime 2020, which involves imagining what security will be in the year 2020.
Plans call for the Cybercrime 2020 project to be announced in September of this year, he added, so the precise details are still largely under wraps, but what he could say about the project is right out there on the leading edge of current technology.
It’s important to understand here, of course – as Rik noted – not everything that the experts are discussing with Cybercrime 2020 will actually happen.
Rik went on to say he was looking at some interesting older predictions about what was going to happen on the mobile operating system market share, and the projection back in 2008 – for today, 2013 – was that the Symbian operating system would continue to dominate the market.
Yes, well, precisely…
Rik went on to say that today’s predictions are that the dominance of Android and iOS (iPhone and iPad) will continue, but, he explained, if you attended the Mobile World Congress exhibition back in Barcelona in March of this year, you will have realised that new mobile technologies such as Ubuntu, Sailfish and Firefox Mobile – the HTML5 browser technology – are likely to break through.
As a result of this, Rik explained that it is now clear that the security exploits landscape is changing every two years, and that the pace of change is continuing to accelerate.
Against this backdrop, he told me, it pays to realise that – for example – an HTML5 attack surface such as that displayed by Firefox Mobile is set to become a single target for cybercriminals and hackers to exploit.
So why should you, dear reader, be concerned about mobiles and the enterprise?
Coupled with a little trend called BYOD – Bring Your own Device.
Put simply, this means that, by the end of the decade, most of our friends and colleagues – and maybe even you and I – will be consuming our Internet in the office on a smart portable device.
You will be connected to the corporate wireless network, of course – you won’t be connecting via 3G – or 4G if you can afford it – as the mobile nets will be more than a little maxed out – but that is another story.
Back with Rik Ferguson at Trend MIcro, meanwhile, and he told me that to cater for this rapid pace of change, Trend has a number of R&D efforts under way, the largest of which is Trend Labs, and looking at all the malware URLs, infections and IP addresses – as well as keeping the smart protection network up to date – is handled by their various offices.
Then we have a smaller R&D operation called FTR, which are tasked with forward-looking research, he said. Ah yes, Forward Threat Research – I just realised….
FTR are working on all sorts of technology, such as SCADA honeypots, and in-car system vulnerabilities. There is no one FTR office – they are global, he said, adding that today’s landscape of industrial attacks, SCADA and other attack vectors are always under constant analysis.
Rik went on to say that he expects the IT landscape in 2020 to be radically different from that of today – and not just because of the changing operating systems that will be popular then.
He told me that, if you look at kids today, they don’t want to use their parent’s social networks, so Facebook is clearly out.
They’re starting to use like You Tube – and others – which you would not think of today as a social network, yet it has become an interchange medium, he said.
And Rik told me that, because of these changes, the threat attack surfaces that will be targeted by cybercriminals in the Y2020 will follow the trends of the day – and users of these new and different social networking services will be under constant attack.
The Forrester perspective
Over at Forrester Research, meanwhile, and John McCarthy, a lead analyst with the US research and analysis house, posted a blog about a North America CIO Forum, which took place in the middle of last month.
As part of the session debate – entitled The CIO’s World in 2020 – John and his team debated and analysed the four key dynamics regarding IT and the CIO’s role in the future, and asked the 325 attendees to vote on the outcome they think is most likely to occur.
The audience members’ votes, says John, were extremely telling:
80% believed that technology would still be differentiating. To set the stage for the audience vote, the Forrester team argued that technology would be so commonplace and readily available via the cloud that a company’s ability to set itself apart via technology would be fleeting at best.
John took the opposite side, saying that whilst much of today’s transaction-based systems will be nothing more than table stakes, systems of engagement-based systems and technologies – based around analytics and smart products would be central to a firm’s ability to set itself apart in the eyes of customers.
Interestingly, the CIO audience overwhelmingly agreed with the call that systems of engagement and other technologies would be differentiating.
85%, meanwhile, agreed that most technology would be delivered via the public cloud – and 90% of the audience voted that central IT would NOT exist in the future.
The security vendor perspective
Over at Tripwire, meanwhile, Dwayne Melancon, CTO with the high-end corporate IT security specialist, said that, taking the Forrester gig on board, before the shift to cloud and IT services can happen, a lot of companies will have to radically change their approach to security.
Dwayne argued that most current security platforms detect intrusions at the network interface level – using a network intrusion detection system – meaning that if data stored in a cloud resource is to be properly protected, the IT security will have to efficiently detect changes to file system objects in real time.
He went on to say that Tripwire has always argued – which is true – that as well as detecting changes at the file system object level – effective security systems also need to exercise control over their physical AND virtual IT infrastructures.
Dwayne went on to say that the other take-out from the Forrester event – that 90% of CIOs think that centralised IT will not exist in the future – means that on-premise IT systems will have to be slimmed down to meet this need.
Whilst this may seem far-fetched to IT security professionals working in today’s system-based environments, he says, seven years is a long time in the world of IT.
He pointed out that later this month Apple will be celebrating the sixth anniversary of when the first iPhone was released – and you need to look, he adds, at how that small device – and remember that the Apple iPad as well, which is only three years old – has changed the portable computing landscape as we know it…
The bottom line…
The bottom line from this fascinating set of predictions on where IT will be at the end of the decade is that the security we use today will have to adapt markedly if corporate data is to be adequately defended, he explained.
And it’s against this backdrop, that Dwayne – CTO of Tripwire – concluded that the security systems we will use in 2020 must reduce risk and ensure the integrity of the IT systems – and data stored in those systems – regardless of whether they are real, virtual or cloud-based.
Tripwire’s predictions – from a report of late last year – he said, are that we will see automated regulatory compliance, security configuration management and continuous monitoring sooner, rather than later.