This is the third in a series of commentaries on what’s wrong with information security and what needs to be changed. My last postings discussed the need for changes in the perception and sponsorship of security, as well as the changes needed in standards. This one discusses the new solutions that are needed to safeguard our future interests.
Solutions are a combination of technology, skills and operational practices. When it comes to information security, all of these are weak.
Few security technologies have emerged in the last 20 years. You can count them on one hand. It’s also questionable whether current solutions will scale to meet the imminent ‘data Tsunami’ and the accelerating (exponential) volume of relationships created by networks.
Security skills are thin on the ground, and in my view those in place are generally the wrong ones for the future. This subject will be dealt with in more depth in my next blog posting.
Operational practices are rooted in industrial age ‘process’ thinking, which places too much reliance on policies, procedures and audits. This is an inadequate basis for a dynamic subject area in a society that has long dispensed with the need to read operating instructions.
Technology is the only hope for achieving future change, because it mandates the new security skills needed, and shapes future operating practices. The key requirements of new technologies are that they are affordable, agile and scalable. On top of that, they need to be relatively easy to implement and manage.
Fortunately, there are several emerging technologies that will fit that bill.
Virtual infrastructure transforms both the problem and solution spaces. It results in new security exposures and attracts new threats, yet at the same time it removes many existing attack vectors (such as scanning platforms for vulnerabilities).
Virtualisation technologies can also present new opportunities at the client level, such as HP’s concept of multiple identity personae operating in isolated environments. These solutions are highly promising as long as they are underpinned by trusted computing architectures.
Cloud-based security services can leverage a much broader knowledge base, enabling small organisations to quickly identify and respond to new threats. As time goes by, these services will increasingly learn to exploit the greater knowledge and visibility of the user community, enabling scalable, improving solutions to be delivered to customers.
Dashboard technology is also maturing, enabling a centralised, real-time overview of events. The concept of a secure operations centre is a reality, and an increasingly essential capability for managing major incidents. In an increasingly volatile business environment, the future of all business management will be rooted in an efficient information centre and control environment.
Data mining, fusion & visualisation technologies are powerful, proven tools to identify fraud and support security investigations. We have only scratched the surface of these emerging capabilities, but enterprises will progressively grasp the benefits of these technologies.
The operation of these new capabilities will drive the demand for new skills, better infrastructure and faster processes to manage information security. Within a decade these new capabilities will transform the solution space. The challenge will be to persuade governments, regulators and institutes to recognise the need for change.