As I discussed in my previous post, the security industry often feels dangerously reactive to innovation. Instead of looking forward to the future, we are constantly playing catch-up and filling in gaps as they emerge. Short-term resolutions will always tend to be more reactive as a whole, but we can use the tools we develop today to prognosticate the future of our industry.
Ultimately, our sector needs to find a proper balance between anticipation and reaction. Today, most organizations ask the following questions when they think about the future:
- “How will information security evolve?”
- “What will happen if these changes occur?”
- “Who will be behind our sector’s transformation?”
At Thales, we understand that anticipation is more than just asking how, what, when and who. Here, we ask one simple question: “why?”
I am a huge fan of Simon Sinek and recommend all my colleagues watch his wonderful TED Talk on how great leaders inspire action. In the end, inspiration comes back to “WHY”; that’s the question that inspires the reflection necessary for change. Every other question is simply an extension of WHY: if you understand the reason WHY you do what you do, then you can find purpose in your actions. This introspection is not only perfect for leaders; it can help the security industry evolve into something better than before.
So instead of asking what will change in the future of cybersecurity, let’s look at the system as a whole and anticipate why these changes will occur in the first place.
Change #1: IoT security will become more pressing for consumers and operators
In my previous blog post, we discussed the security trends impacting Internet of Things (IoT) manufacturers. Now, there is a sense of immediacy at the manufacturer level because they are the source of IoT devices we use widely today. Many manufacturers are beginning to take steps to close their security gaps, but eventually the consumers and operators of these devices will need to have some control as well.
Ultimately, IoT devices offer a sense of convenience and service we have never seen before. For example, many healthcare organizations use smart machines to collect and distribute important data about their patients. On the consumer side, your neighbor may have an Amazon Echo that controls the lights and thermostat in his home. All of these devices are unique, but connected.
It’s nearly impossible for you to avoid using multiple IoT devices in this day and age. Unfortunately, every tool comes from a different vendor with unique security expectations and gaps. Both consumers and operators will need to be able to fully trust the safety of the smart tools they use and the data these devices collect. Manufacturers may already be stepping up to address security concerns, but we need to take a closer look at their software, modules and chips.
Eventually, I anticipate the IoT community will become more streamlined, but this will take time. Now is the moment to ask why this restructuring is necessary and what can be done to achieve it.
Change #2: Blockchain technology will continue to evolve
So, first things first: what exactly is a blockchain? One of the best definitions I’ve seen comes from the Wall Street Journal, which states:
“A blockchain is a data structure that makes it possible to create a digital ledger of transactions and share it among a distributed network of computers. It uses cryptography to allow each participant on the network to manipulate the ledger in a secure way without the need for a central authority.”
We have already seen blockchains through the use of Bitcoin, which essentially made security its main feature and function. Cryptocurrency has fallen out of favor for now, but the technology behind it remains relevant. We should anticipate the creation of more items with security built in as a necessary component.
So what does this mean for blockchains? Well, they provide a formal validation process. The financial sector is already utilizing this potential. Everything from transactions and contracts to deeds could use a blockchain to legitimize and catalogue their process. I anticipate other industries, such as healthcare and the federal government, will use and benefit from this technology as well.
However, in order for blockchains to work, we need to believe and trust them. This means every participant must agree and anticipate how they will take part in the chain. Unfortunately, innovation and vulnerability often walk hand-in-hand. So, we must build trust and security into the technology of the chain itself and allow it to adapt to change when it becomes necessary.
Change #3: The Era of Automated Infrastructure
We are seeing fast adoption in the DevOps and microservices space. Both of these processes allow for faster development, which keeps applications alive and evolving in near real-time. Essentially, DevOps and microservice architecture allow your software to run unique services through independent deployments. Now, you can create your desired infrastructure state automatically and through coding.
Simply put: everything is replaceable. But, while apps, servers and infrastructure can be automatically replaced, our tools will still need to hold secrets. This leads to a new and pressing challenge: how exactly can we govern our microservices? We can’t simply leave secrets in the code.
In the future, our containers will need to be secure and accessible at the exact same time. This may seem impossible now, but it can be done. If we anticipate the security needs of DevOps and microservices, we can have our cake and eat it too.
Change #4: The Age of Quantum Computing
So, this is going to sound like science fiction. But before I begin, let’s define quantum computing. According to TechTarget:
“Quantum computing is the area of study focused on developing computer technology based on the principles of quantum theory, which explains the nature and behavior of energy and matter on the quantum (atomic and subatomic) level.
The quantum computer, following the laws of quantum physics, would gain enormous processing power through the ability to be in multiple states, and to perform tasks using all possible permutations simultaneously.”
Simply put: quantum computers are fast. This opens a world of new possibilities, innovations, and yes, concerns. After all, what risks will these kinds of machines pose to cryptography? How, exactly, can we create keys that cannot be broken by pure processing power?
The world of quantum computing is still theoretical, but this shouldn’t stop us from anticipating the changes it will bring to the security industry. We will need to develop quantum-safe algorithms and implementations, which is an exciting new age for our sector. The math behind quantum computing is still in development, along with its security and successes.
Change #5: Machine learning milestones
Reactions are not unique to security professionals; our tools have the ability to learn from threats as well. We are currently seeing a rise in machine-learning security solutions, which have the ability to learn and adjust without direct programming. Simply put, machine learning has the potential to unlock great security value.
Like most of the changes I’ve anticipated, the success of machine learning lies with trust. As these techniques become more widely used, we must develop and follow a framework that is dependable.
At this point in time, the correct framework for machine learning is still unknown. But, hopefully, it won’t be unknown for long.
At Thales, our purpose is to make the digital world a safer place. This is our WHY. We don’t solve surface-level problems; we anticipate the world that creates them. In order to anticipate the future of our industry, I encourage everyone to continually step back and observe the changes being made now. This blog represents just a taste of what’s to come; the world of security will keep evolving, and we will be there evolving with it.