The Future of Security

Tonight I’m speaking on the Future of Security for the BCS South West Branch at the University of Plymouth. It may seem a little off the beaten track. But I’ve been very impressed by what I’ve seen of the University and its Network Research Group, which is fast becoming a UK centre of excellence for network security, under the dynamic leadership of Professor Steven Furnell. The topic I’m speaking on is a familiar one. I’ve been giving presentations on this subject for more than decade. So it’s interesting to reflect on how my perceptions of the Future has changed over the years.

In the early 90s, the Internet was not yet a business tool, but we could see its potential. It seemed the perfect embodiment of Alvin Toffler’s vision of the Information Age. Its arrival in the corporate environment coincided with rapid growth in business partnerships and outsourcing. In fact it seemed the perfect vehicle to underpin the virtualization of business. But there were no strong security features to safeguard business infrastructure and transactions. It seemed inevitable that we were heading towards a long, sustained era of heightened security risk. I was particularly interested in how we might manage the contradiction between the growing criticality of IT to business operations and the dimishing security of IT infrastructures. One of my forecasts at the time was for “Two Track IT”, i.e. two streams of IT development and operation, one fast, loose and risky, and the other slow, sure and secure. That division never happened. Somehow we managed to contain the risks and maintain a semi-secure IT infrastructure that stayed marginally ahead of the emerging threat.

Other forecasts were more accurate. The slow death of corporate perimeters. The breakdown of the boundary between business and personal lifestyles. The growth in computer crime and espionage. The fragmentation of IT into networks of smaller devices (though wearable technology has been slow to emerge). The need for real-time monitoring systems. The boom in Information Security as a line of business. All of which just goes to show that much of the future is predictable. In fact many of my Powerpoint slides have remained largely unchanged for more than a decade. One forecast still remains to be fulfilled, which is the rise of cyber-terrorism, although I did point out it was unlikely to mature before 2006. It hasn’t yet happened yet. But it will arrive one day.