Thursday, December 06, 2007

Gloomy future for security

Bruce Schneier and Marcus Ranum posted their depressing conversation about our gloomy future in 10 years. Both being experts in security and software, they seem to share the same vision of the future.

For starters, Bruce pointed out that in 10 years, if Moore's law still applies as it does today, our computing power would be about 100x what it is now. While technological capacity doubles every few years, the human factor remains constant. Unfortunately, it is the very weakest link in the security chain. Bruce predicts that there won't be any new kinds of security threats. The old threats (fraud, theft, assaults...) will be carried out in different, more effective ways against new targets. Marcus follows with a focus on the inherent security issues of ever more complex and poorly designed software. He concludes that attackers will find it even easier to break those systems.

The part I like the most is when they discuss how the current trend of everything-is-a-service would continue and lead us to a very unsettled future. Computing will become a utility, and customers (us) will have to pay for these services (email, software ...). We won't have to worry about running and managing the software. The same goes for our online security, as the idea is for us to give (all) our data to the service provider, who will take care of it. To a certain (substantial) extent, this helps to eliminate security problems at the end-point. On the other hand, we then have to trust those providers implicitly. And it gets scarier when we realize that those service providers are fighting the same security battle as we are now. Nothing guarantees that they would win. Last but not least, if these services show profit, who would be sure that our beloved and full-of-talented-people-who-copy-confidential-data-to-CDs would not want a share of it.

The more I think about it, the better I see how this everything-is-a-service trend emerges in many different forms. ISPs and Software-as-a-Service (SaaS) are the most visible ones. Trusted Computing also has a flavour of it. Bruce and Marcus also mentioned the iPhone. But they seemed to forget a very big name: Google.

Still, there's a rule that we always overestimate things in the short term and underestimate them in the long term. Let's hope that they are being a little bit too pessimistic.

1 Comments:

Blogger Tien Tuan Anh Dinh said...

2 other computing-as-service examples are:

1. Universities starting to outsource their email services to Google
2. Amazon launches an online database web service.

6:33 PM  
