This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."
The View from Visionaries
compiled by Marcia Savage
In 10 years, information security as we know it may not exist. Rather than a separate product, it may simply be embedded into everything. Or Web services may upend traditional enterprise security. We asked some of the best and brightest minds in the business what they see ahead, and the answers were far ranging: everything from attacks masked heavily with encryption to zombification of corporate networks. Some predict radical changes while others foresee more of the same. Read on for a peek into what the future may hold.
1 Whitfield Diffie
Vice president, Sun fellow and chief security officer, Sun Microsystems
Today, when we say that a company is doing its computing securely, we usually mean that it is doing the computing on its own computers and that it has taken whatever means are appropriate to protect those computations. In 10 years, no major business computation will be secure in this sense. Today, every developer, manager and marketer uses Google a dozen times a day. In 10 years there will be thousands of Web services that, like Google, do things that you cannot realistically do for yourself. When this happens, what we call security today will have vanished forever.
2 Marcus Ranum
CSO, Tenable Network Security
Vulnerability pimps--excuse me, "security researchers"--will continue to publish flaws in critical software, saying that it's a crucial part of the process of making it better. Since this process has been going on for the last 10 years, and software hasn't gotten better, it will likely not get better in the next 10 years either. Meanwhile, the vulnerability pimps will keep buying and selling vulnerabilities and using them as marketing vehicles for their consulting services.
This was first published in January 2008