29-12-2009 16:53

The end of the first decade of the 21st Century marks a turning point in information security, when major changes will be needed in perspective and practice. Here are my top ten forecasts for the coming decade.
1. Security demands new knowledge and skills
I’ve been pointing out for some time that we have the wrong skills for the future. The adoption of cloud services and the growth in social networks mean that security management is less about specifying and managing technology, and more about persuading large numbers of people to do things they’re not inclined to do. This means drawing on fields such as psychology, marketing and education, and sharpening up skills in diplomacy, negotiation and crisis management.
2. Data integrity becomes a top priority for CIOs
Data integrity is the final frontier for information security: one that has been widely ignored for decades by both attackers and defenders. Yet the impact of unauthorised changes to data can be deadly. Data quality standards are unacceptable in most organisations. Sooner or later, citizens and regulators will discover this and demand action.
3. Cyber terrorism strikes
Critical national infrastructure has had an easy ride over the past two decades as governments have been reluctant to raise the bar to the level that’s really needed to prevent or deter cyber attacks by terrorists. All it takes is one terrorist incident to change that. Such an event is inevitable in the coming years.
4. Spies become unfashionable
In a transparent world of pervasive communications, security will become harder and privacy more valued. Surveillance systems will deliver a richer output on ordinary people than on terrorists and criminals, resulting in a growing citizen backlash. Forget the glamour of 'Spooks' as glamorous spies slowly morph into unwanted snoops.
5. Information warfare begins to mature
Cyber warfare has yet to evolve into anything resembling a basic level of maturity. It has yet to acquire the necessary skills or escape from the unsuitable context of traditional military doctrine. This will change markedly over the next decade with the growing appreciation that information warfare is more the art of illusion than the science of sabotage.
6. Supply chains dominate the problem space
We don’t do enough to monitor the security of technology suppliers and subcontractors. They represent the soft underbelly of government and industry. Awareness of the problem is growing, though the solution space is thin. Security managers will be compelled to bite the bullet as regulators tighten their demands.
7. Cloud services set new security standards
The current advice from lawyers and security consultants is that cloud services must be thoroughly audited by prospective purchasers. This is not viable for standardised services that rely on economies of scale. The sensible solution is for service providers to demonstrate high standards of security. The ones that get this right will dominate the longer-term market.
8. Virtualisation inspires new security solutions
Cloud services might present new security risks, but virtualisation technology also offers tremendous potential for new security solutions, enabling users to rapidly switch user profiles and client platforms. This will trigger a wave of imaginative new security technologies.
9. Email must change or die
Vendors have failed to deliver a consistent solution for authenticating and encrypting messages to and from third parties. With dozens of competing, incompatible solutions, third-party email security is a mess. It must change or die. Either way, it demands the establishment of a trusted third party to administer the encryption keys.
10. A new trusted third party must emerge
Responding to the need for secure communications between parties requires the establishment of a trusted third party. The rush to dominate this solution space at the turn of the century has now subsided into a crawl, just when we all need it. It’s time to start this ball rolling again.