by Geoff Webb of Credant Technologies
It’s the most wonderful time of the year. At least, it is according to Andy Williams. At the very least, it’s that time of the year when people in the security industry start to make predictions about what’s going to happen next year.
You’d think that in the fast-moving, dynamic and constantly evolving world of cyber security, making predictions a whole year out would be, at the very least, extremely daunting. Sadly no. Because if there’s one thing that really stands out when you look at the predictions, year after year, it’s that they are so… predictable.
I spent some time looking back over a couple of years’ worth of prognostications from various industry sources (and yes, even my own) and frankly, they are all starting to sound the same. Let’s see: social media will continue to be a threat. Attacks will get even more tailored and specific (I’m starting to expect a key logger to be written soon just to record my online pizza ordering habits) and, brace yourself for the biggest shock, cloud computing will continue to worry big companies.
Of course there’ll be other stuff: doubtless the words “mobile” and “malware” will get tossed around some more, quickly followed by someone breathlessly pointing out that iOS is so much safer than Android. But the real point is, as the French would say, “Plus ça change, plus c’est la même chose,” which, loosely translated, means “The more things change, the more they stay the same.”
So why is that?
I think it’s partly because while technology keeps moving forward, the real issues remain unchanged. Those issues arise as much from the way we build the tools as they do from the tools themselves. New technology demands adoption, especially in the business world, because failure to seize upon the new leaves businesses (and harried CIOs) at risk of being left behind. Yet for most there is rarely much profit margin in security.
So the business world (increasingly driven by consumerization trends) adopts ideas and approaches regardless of the underlying long-term security implications, the carousel goes round once again, and the same tune gets played. They have no choice: the march to innovation continues, and the security industry (especially the practitioners in their IT security teams) tries to pick up the pieces.
Most concerning is that the pressure to adopt cloud is forcing us to do it all again; only this time the stakes could be much, much higher. Cloud isn’t just a new way of delivering cheap services. Cloud redefines how businesses and individuals even think about IT. And we, as an industry, are running late with the answers to some very important questions: How are we going to define (and measure) what secure cloud computing really is? How do we extend the ability to prove compliance out into an infrastructure that is, by design, often opaque? And, critically, how do we maintain control over the information we put up there?
I don’t just mean throw the files up and trust the SLA; I mean genuinely control who has access and what happens to information once it slips out of the safe waters of our own infrastructure and sets sail to cloud terra incognita.
So here are my predictions for 2012: We are going to spend a lot of time thinking about the above problems and we’re either going to come up with some answers fast, or we’re going to spend 2013, 2014 and 2015 paying the price for being late.
Geoff Webb has over 20 years of experience in the tech industry and is a senior member of the product marketing team at Credant Technologies. Geoff provides commentary on security and compliance trends for such journals and websites as: eSecurityPlanet, CIO Update, The Tech Herald, Compliance Authority, Virtual Strategy Magazine, and many others. Prior to Credant, Geoff held management positions at NetIQ, FutureSoft, SurfControl and JSB. Geoff holds a combined bachelor of science degree in computer science and prehistoric archaeology from the University of Liverpool.