Feature

How Sarbanes-Oxley changed the information security profession

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."

Download it now to read this article plus other related content.

 

Face Off

Bruce Schneier
I think we've already suffered that kind of critical systems failure.

The August 2003 blackout that covered much of northeastern United States and Canada--50 million people--was caused by a software bug.

I don't disagree that things will continue to get worse. Complexity is the worst enemy of security, and the Internet--and the computers and processes connected to it--is getting more complex all the time. So things are getting worse, even though security technology is improving. One could say those critical insecurities are another emergent property of the 100x world of 2017.

Yes, IT systems will continue to become more critical to our infrastructure--banking, communications, utilities, defense, everything.

By 2017, the interconnections will be so critical that it will probably be cost-effective--and low-risk--for a terrorist organization to attack over the Internet. I also deride talk of cyberterror today, but I don't think I will in another 10 years.

While the trends of increased complexity and poor management don't look good, there is another trend that points to more security--but neither you nor I is going to like it. That trend is IT as a service.

By 2017,

    Requires Free Membership to View

people and organizations won't be buying computers and connectivity the way they are today. The world will be dominated by telcos, large ISPs and systems integration companies, and computing will look a lot like a utility. Companies will be selling services, not products: email services, application services, entertainment services. We're starting to see this trend today, and it's going to take off in the next 10 years. Where this affects security is that by 2017, people and organizations won't have a lot of control over their security. Everything will be handled at the ISPs and in the backbone. The free-wheeling days of general-use PCs will be largely over. Think of the iPhone model: You get what Apple decides to give you, and if you try to hack your phone, they can disable it remotely. We techie geeks won't like it, but it's the future. The Internet is all about commerce, and commerce won't survive any other way.

 

This was first published in January 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: