This page contains a Flash digital edition of a book.
Disappearing Act Security’s Alleged


Recent acquisitions in the market have given rise to the notion of embedded security, rather than security as an add-on layer. Wendy M. Grossman discovers that this is only one of many trends shaping the future of data protection


S


ecurity is hard. Predicting future technology is also hard. Together, the task is nearly impossible. At Cambridge University, security engineer Ross Anderson says “we advise students ten years out because you can just see the shape of the monster”. Fifteen years ago, privacy and security specialists were obsessed with encryption. Now, SSL certifi cation is breaking down. Yet we don’t learn. According to the 2012 ‘Verizon Data Breach Investigations Report’, many big data breaches are still due to very basic errors like failing to change default passwords. Meanwhile, each new generation of technology punches new security holes. “The bottom line is that we’re in serious trouble in the sense that there are no easy answers, and people are always looking for easy answers”, says Peter G Neumann, principal scientist at SRI. “The


36


problems are inherently very complex”, he adds.


Some Things Never Change Some trends are clearly changing the security landscape: cloud computing’s large, centralized data stores are turning security into a service; mobility; the nascent ‘internet of things’; and automation – including anything from law enforcement (speed cameras, automatic passport control gates) to free services with no technical support. More complex trends include multiplying threat models: the Verizon report notes that while fi nancially motivated crime is becoming stealthier and more narrowly targeted, hacktivist attacks that indiscriminately grab huge amounts of data are on the rise. Other key developments include the vastly greater collection of personal data from surveillance, automated tracking (everything from credit card trails


to the log data kept by internet service providers), and widespread social media use. Finally, global shifts in economics and political power may mean a very different set of values rises to dominance, as Gill Ringland of Long Finance UK commented at the recent Digital Money Forum. The issues that today’s young information security professionals encounter mid-career will be vastly different from that of 2012. There is, however, one unchanging element: human nature. Neumann, who edits the RISKS Forum, regularly complains about the frequent reappearances of mistakes that were solved long ago. Failing to audit code or change default passwords are just two examples.


“There are tons of stories in the RISKS Forum of things that have gone massively wrong, and nobody learns from these mistakes”, he laments. Meanwhile, the consequences keep getting bigger: in 1980,


May/June 2012


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52