Tom Espiner surveys the security landscape for the shape of things to come.
When my editor asked me to predict what would happen to security over the coming year, and over the next 10 years, my heart sank. The permanency of internet publishing, caching and so forth means predictions have a habit of coming back to haunt you.
Plus, I'm a firm believer in chaos theory and the natural entropy of any system. So any detailed prediction is unlikely to come true — just look at the weekly weather forecast.
Nevertheless, I shall bite the bullet and make my predictions for the security landscape at the end of next year and in 10 years' time. Just make sure you keep a copy of this article, ready for ridicule in 2020.
1. Ubiquitous cloud computing
By the end of 2010, more companies will have moved their data into the cloud, and this process will continue over the next 10 years. Cloud computing makes sense from an economic point of view, but it will bring fresh security challenges for IT professionals.
Smaller companies will reap the benefits of the security mechanisms of cloud providers, which are generally very good, but having all your data in one basket constitutes a security problem. Even one security breach, just one server successfully hacked, could spell disaster.
My advice: make sure your cloud provider federates and encrypts your data. In addition, European data-protection law requires that data held by a European company must be hosted in a European datacentre.
2. ID and access management
Identity and access management will become increasingly important. As the cloud grows, it will also become vital to give employees and third-party contractors access to business systems. A number of companies have recognised this issue and brought out products to address it.
3. Public sector moves online
There are a number of laudable UK government IT aims at the moment, one of which is to provide a government cloud, known as the G Cloud.
Another is to increase accessibility to services, by educating people and making websites easier to use.
The government also wants to make public data available in a format that allows mash-ups. All well and good, but of course these policies bring security issues.
The government's record of keeping our data safe is appalling. There has been an avalanche of reported data-breach incidents following the loss of 25 million child-benefit claimant details by HM Revenue & Customs in 2007.
Government data-sharing plans will facilitate the flow of data, but they also mean it can be more easily compromised — either by hacking the government systems, bribing government employees or through civil-service incompetence and complacency. The government is only now waking up to the value of our data.
More government websites with transaction mechanisms will mean more attacks on citizens through phishing and man-in-the-middle attacks. Weak encryption on Wi-Fi networks is not going to go away, making such attacks more likely.
That said, in 10 years' time we shall probably see fifth- or sixth-generation networking standards being deployed, with improved security built in from scratch.
4. The internet of things
As more devices become internet-capable, the internet will move to the 'internet of things'. For example, you will be able to hook up your fridge to the internet. Sensors in the fridge will allow you to automate online food shopping. Running out of milk? Your fridge will order some more.
However, this development will obviously require very strict security and privacy measures to be successful. That kind of data will become very valuable from a marketing perspective and so will need to be protected.
Device manufacturers will also have to be aware of possible unintended security consequences of networking devices on a grand scale. Your fridge should not become a means of compromising business data on the home network, for example.
Surveillance is also in danger of becoming ubiquitous, as cameras and other bugging devices become so small you cannot see them.
5. Mesh networks
Mesh networks, where devices act as traffic-carrying nodes, are a fantastic idea that has yet to take off. Some experts think mesh networking will become more popular. But the security implications of mesh are profound.
If you have a series of nodes that are carrying internet traffic, only some of them...
