Securing your Information Assets

by Peter Tippett | ASM | July/Aug 2010

The challenge of safeguarding information assets is growing every day. Peter Tippett offers his top 10 predictions regarding information security over the next decade.

In today’s extended enterprise business environment, employees, suppliers, partners and customers are united on a single global network. Critical business data is no longer a contained entity as it flows in and out of the enterprise.

The more information that enterprises have to distribute and manage, and the more places in which that information is housed, the greater the risk of that information being accessed by unauthorised parties. Most importantly, this risk may no longer originate from ‘outside’ the enterprise. Real and present threats also emanate from sources within the data flow and along the enterprise supply chain, including business partners, suppliers and data users.

While online business transactions and consumer use of the internet are continuing to increase dramatically, cybersecurity breaches are starting to level off. In the next 10 years, security protection will become more effective and widespread as organisations band together to fight cybercrime.

While we can never fully forecast the future, we certainly have a good glimpse into what security will be like 10 years from now, based on all the data that has been amassed over the last few years. For starters, we know successful security breaches are levelling off and that means we are headed in the right direction. By 2020, we expect life to be notably better for cyber users.

My top 10 predictions for the next decade in information security are:

  1. Security will be more measured and more scientific. While generally more effective, it may also become more mundane, similar to the way in which industrial safety and quality control are seen today.
  2. The long-standing ‘lack of security data’ problem will lessen. More data will be available to more people. Standard, unified methods of collecting, analysing and reporting data breaches will become commonplace. This, combined with the new dominance of worldwide breach notification requirements, will tend to drive better controls and better understanding of the threatscape.
  3. Something will happen that will force users to make more important decisions about the way they use the internet. There will be a large-scale consumer ‘vote’ on whether we value privacy or personal transparency.
  4. Identity will become ubiquitous and simple for everyone. Anonymity will be possible, but the normal method of interacting with banks, health care, our workplace and other high-trust systems will include high-grade, ‘second factor’ identity operating as the norm. The user experience will be easier than it is today. The dozens of passwords that each net user has today will be reduced to two or three identities that are easy and intuitive.
  5. Since human adversaries and not just industrial accidents and product defects are involved, the threat landscape will continue to evolve. Things will emerge that we haven’t thought of yet and organisations will need to devise new ways to beat the cyber criminals (then the process will repeat), but all in all, the overall security climate will get better.
  6. The use of reputation systems, and the large-scale use of end-user, network, and other reputational data, will be coupled with numerous forms of automation that will help users to avoid websites, email and IP addresses with malicious content, or which have been recently involved in malicious activities.
  7. Numerous security services will become part of the ‘cloud’. Many of the basics will be included ‘in the pipe’. It will be both possible and common to be able to use both wired and wireless forms of connectivity that include common security functionality such as email spam, antivirus and similar filtering, web proxies, firewalls, intrusion detection and prevention systems, denial of service, and other ‘reputational’ technologies. Together a larger segment of the population will be protected with these basics; they will be less expensive, more pervasive and more comprehensive.
  8. Mobile platforms will dominate end-user interaction with the internet. Although mobility will invite malicious activity to be directed at mobile devices, users will generally gravitate toward platforms with better security and content with some software pre-testing or restrictions over platforms which are totally open and unrestricted. These controls will come from wireless, and some content, providers and will make malicious software less likely to succeed, which will contribute to decreased computer crime.
  9. Software-as-a-Service (SaaS) and numerous, diverse cloud services will dominate the software, storage, and compute-platform delivery models. Successful providers of these cloud and SaaS services will inherently provide better security features and controls than our current plethora of diverse and individually deployed enterprise systems.
  10. Prosecution of computer criminals will increase over most of the decade. Better laws, logging and other evidence preservation, forensics capabilities, cooperation between worldwide law enforcement, and stronger, more ubiquitous and diverse electronic identity will all drive more arrests and more jail time for those convicted of cybercrimes.

In general, cyberthreats will become less and less risky as the decade unfolds. With stronger and more ubiquitous measures in place, we will see a significant decrease in email spam, identity theft and much of the computer crime as we know it today; and those cyber attacks that continue will change in character to fewer, more targeted attacks.

About the author: Peter Tippett PhD MD is vice president of security solutions and enterprise innovation for Verizon Business, with responsibility for driving the overall strategic direction of Verizon's portfolio of security solutions, including product development and marketing.

Article Added: 29/07/2010
