Security and IT Operations in 2020

blog_thief.jpgAs we were writing the IT Operations 20/20 chapter of the Enterprise 20/20 vision, the increased need for security and privacy really jumped out at us. So many of the other aspects of a 2020 future are predicated upon security and privacy systems being in place to allow the other things to happen.  Security and privacy are like a firm foundation, without which we are building an IT future on sand.

 

Of course we have security threats today. But the increased number of people taking part in the internet and the increase in the number of "attack surfaces" thru things like smart devices and arrays of sensors means that we will need more security.

 

My daughter has just gone away to University. She is always ill. One of her professors explained that she has lead an "imuno-sheltered" life - she has lived in a small village with a small range of attackers on her immune system. She is now exposed to diseases from different cities in Britain and different parts of the world. Her immune system is in overdrive creating the models needed to fight all these attackers.  

 

Our IT systems of 2020 will be like my daughter's immune system - under attack from many more, unknown sources.  (The fact that my daughter spends a good amount of time at student parties has not helped her immune system either).

 

Let's break down the security threats of 2020 into a series of sub-topics.

 

A hacker explosion

Is it estimated that by 2020, there will be around 2 billion extra people with access to the internet.  Even if a small percentage of these new internet users become hackers, there will be hundreds of thousands of new hackers in the world.

 

"The internet is already a hostile place. By 2020, it is going to be far more so", says Patrick Goldsack, a Distinguished Technologist from HP's Cloud and Security Laboratories.

 

Mobile Application Malware

By 2020 there will be something like 1 million more mobile applications available . Malware is already starting to creep into mobile apps. With this huge increase in app numbers, the malware problem on mobile devices will be very serious unless we take active steps to control it.

 

Sadly, we should expect the mobile devices of the future to be dedicating a proportion of their processing power to fighting infections - like our PCs do today.

 

"Dirty" BYOD's

Despite these threats to mobile devices, employees will increasingly insist on being able to bring their own devices to work (BYOD, as its called). Companies will be forced to allow this, but in turn, they can't allow such "dirty" devices to pollute corporate networks.

 

Patrick Goldsack says. "Devices will have to be fully virtualized, with support from trusted hardware to enforce and validate the separation of personal and corporate data. The many personalities that users need to adopt, both work and personal, will be kept well isolated. This will enable an enterprise to manage their partitions and the applications within them without affecting, or being affected by, the partitions used for personal use such internet browsing or playing games."

 

Business Processes calling cloud services (which may also call cloud services)

Business Processes calling cloud services, which in turn, call cloud services By 2020, business processes will routinely call cloud services, which may, in turn, call other cloud services. Proving security and privacy thru these chains of calls is going to be very difficult - but essential.

 

Large SaaS companies - a scalp in the hackers' belt

Today, it's hard to attack a lot of small and medium businesses at the same time because they are heterogeneous  systems - you can't create an attack that gets all of them. However, as SMBs  move much of their infrastructure and applications into the cloud, we'll probably end up with very large, homogenous cloud providers.

 

This is a perfect target for a hacker, maybe thru infecting the open source management tools that cloud providers use, or thru rogue cloud provider employees. An attack on a large cloud provider could then take down thousands of small and medium businesses.

 

Security and Smart Devices and Sensor Arrays

By 2020, there will over a trillion sensors and smart devices, many of which will be accessible to the public. This leaves them vulnerable to attack. They could be made to feed us false data or could be given false commands.  Also, unless the firmware for smart devices and sensor arrays is well protected, it could be modified by a hacker.

 

Sensor Data and Privacy

With the increase in sensor data will come a demand for increased privacy.

 

For example, smart metering is great - it allows power companies to balance and even control demand. But that same data that achieves this can also be used to tell criminals if you are home or not.

 

Or, while RFID tags help retailers, it can also tell anyone where you bought all your belongings.

 

Facial recognition software is hotting up as a technology (both FaceBook and Google now own the capability), but is a lot of concern regarding how it will be used. For example, we don't want "smart adverts" recognising us as we walk down the straight and focussing an advert specifically on us.

 

Privacy and collaboration

In the CIO Chapter, we talked about the disaggregation of the enterprise and the increased use of affiliates in project teams and supply chains. One of the "currencies of collaboration" for such teams is unstructured information like documents.

 

Teams of affiliates want to be able to work on documents and the like without compromising privacy of their companies. For example, I may want to share parts of an HP Labs research document with a contractor working on an article on IT futures. I may even want him to take part in the creation of a portion of the document. But I don't want him to see all the document. The NATO commanders during the recent Libyan offensive hit this problem. They had to read out documents to their counterparts because they didn't want them to see the whole document.

 

There will be a dedicated Security 20/20 chapter in 2013

The security issues we will face in 2020 proved to be such a rich topic that we have decided to dedicate a whole chapter to it in the new year. For now, there is a section on Security in the new IT Operations 20/20 chapter of the Enterprise 20/20 crowd sourced vision.

 

Author : Mike Shaw

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Mike has been with HP for 30 years. Half of that time was in R&D, mainly as an architect. The other 15 years has been spent in product manag...
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.