This article describes briefly how information security will be affected by the coming changes with regards to how we interact with information and communication systems.
We have recently witnessed how virtualization of servers and clients have transformed how we think about information processing. Today, we all understand that the information we see at our computer screen can reside anywhere in the world. The application and software we use can be somewhere else. Nevertheless, we use it here and now. Call it Cyberspace, virtualization or the Cloud – most of us use it every day.
What has happened? Information processing has been totally released from its boundaries in terms of geographical location. The only limit is the bandwidth used to transfer the information from the place of processing to where we are for the moment. Since the bandwidth capacity available to us continues to increase really fast, we can almost discount that as a limitation in the near future.
But we are still not “free”. There is something that limits the use of information and communication technologies today. That is the interface we have to the information. We continue to carry around small mobiles and laptops. We continue to read small screens and punch in text messages in small keyboards. All this to simulate the “limitless” mobile life. But we are not there yet.
The way we interface with information and communication systems is about to change. This, I think, will be the next big communication revolution.
Pretend for a moment that you had access to the same Internet-based services and your software on your computer and mobile without having to carry them around. You could interface with these services and control them using your voice, gestures, or even thoughts. No keyboard needed.
But not only that; there would be no screen to look at. The screen will be replaced with small gateways or we can call them translators between the systems and you. You might perceive the services by hearing the results of a command, or seeing the results like if they were projected like superimposed images in your sight, in what you see right now.
What will enable this radical change is again that technology has made it possible. Speech recognition and facial recognition is developing fast, as is speech synthesis. Screen and projection technologies are also developing at a rapid pace, as is wireless network connections.
Take a small wireless netbook – this gives you a great feeling of freedom today. Well, tomorrow you will not need to punch in the commands at the keyboard – you will just say them, show them, or (later) think them. You will not need to look at the screen to see the answer – just listen, or just watch the information you asked for projected in your own sight – right there in front of you.
Implications for security
All these developments give rise to important information security implications:
- Protect objects (information and services) as close to the source as possible, since it will be everywhere. E.g. encrypt your information before you send it to the cloud or out in space.
- Decide on access rights for subjects (people or processes) as close to the subject as possible, since both objects and subject will not be bound by time or space. E.g. use biometrics to ensure that the person accessing the information or service is the person expected.
- Lars Söderlund at Alliansor: The move towards thinner clients, with decreased storage and processing power at the client side, will increase the importance of availability of network connectivity as a part of information security.
- Your ideas here….
Please help develop these ideas by commenting this article. I will update the article using your comments.
#1 by Lars Söderlund - April 1st, 2009 at 06:56
This is a very interesting topic. I could include at least one more bullet. the connection services used in the future will be even more critical than today. Today, Yuo can at least do some work on your local computer if you´re not connected. In presented future scenario you will not be able to do anything if your internet access doesn´t work. Quality of service will need to be increased over time.
#2 by Fredrik Björck - April 1st, 2009 at 07:26
Hello Lars,
Good to hear from you! Yes! You are right. I think lost Internet connectivity essentially will mean lost processing power from the client/individual perspective in the near future. This is why it is surprising they still sell laptops and even netbooks without mobile broadband integrated. If I understand you correcly, you project that the client side will be even thinner in the future, and thereby be very connection dependent. I will update the article with these thoughts. Thank you!
/Fredrik
#3 by Cristina Ledesma - April 2nd, 2009 at 13:01
Lars,
I agree with you thought and specially I think that actual humanity is not prepared for this. Some days ago I have read an article in Obama page about the importance of Information Security in his period and I was suprised because one more time it refer to technology and platforms and not any mention to people!!!!. I think that our best challenge is to make a culture train and aware in IS issues. Till that moment we can not have one “Information Society”.
regards
Cristina Ledesma
Citi Uruguay
Security and Continuity Manager
#4 by Cdr. Vivek Miranda - April 5th, 2009 at 13:07
Fredrick,
Very intersting topic indeed. Key to an efficient Information Security Management lies in tackling People, Process and Technology. Many a times we tend to focus more on Technology and take a lenient view of the other two areas. The challenge is to get the people adequately infosec-aware and also make operations more infosec-robust thereby eliminating vulnerabilities that reain a cause for different threats to manifest.
#5 by Fredrik Björck - April 5th, 2009 at 13:26
Vivek Miranda,
Yes, you are right. The post is more focused on the implications for managing security technically, almost leaving out the human side of security. If we agree on the technical development ahead, what are the implications with regards to the human side of information security management? (open question to all readers)
#6 by Farah Malik - April 9th, 2009 at 08:48
Great post Fredrik – very thought provoking.
I would like to quote what Vivek has mentioned in his comment regarding the human aspect of security – I believe both need to go hand in hand i.e. the technical as well as the human side of it.
If I can relate to the ISO 27001 standard, it not only talks about the technicalities involved in it’s implementation but also covers the human side of it which makes it a management system. Where most standards strive towards building an effective and efficient infrastructure, dependant on system than people – the very basis of these standards is focus on striking a balance between people, process and technology – none of the 3 can be ignored.
#7 by Fredrik Björck - April 17th, 2009 at 23:07
Dear Farah Malik, Thank you for commenting. I do agree with you. In addition, I think the need for the human side in technology was made appearent already in the 1950-ties when Douglas McGregor wrote the “Human Side of Enterprise” (a book that has a lot to teach us in information security management, by the way).