|
The View from Visionaries
8 Howard Schmidt
Former White House cybersecurity adviser, president and CEO of R&H Security Consulting
The trend in the next five to 10 years will be to significantly increase security professional certifications...in the various disciplines--for example, secure application development and governance. We'll [also] see IT professionals who aren't necessarily security people getting the same sort of certifications that have traditionally been reserved for security folks.
Data lifecycle is a problem we'll have to struggle with--that's how to create data that has a specific life term where it's good, for example, long enough to get a credit card issued then it self destructs. ...The whole data management issue--how to find and keep data, the encryption issues--is something we'll be dealing with for the next five to 10 years.
Lastly, we're struggling with the whole concept of identity management. This is truly a global issue. ...We need to develop a new world system that basically allows us to control our identity and thereby gives us the ability to protect it and ensure that if it is compromised, we can recover it in a relatively short amount of time without depending on eve...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
rybody else in the world to protect us after something bad has happened.
9 Martin Roesch
CTO and founder of Sourcefire and creator of Snort
The threat community will continue to accelerate and become more sophisticated. As the rate of release and sophistication of threats increases, it will become increasingly difficult to characterize those threats ahead of time.
Attackers will concentrate on end hosts more than ever as a way to leverage access to critical servers in ways that are difficult to detect. Encryp- tion will also be used more heavily to mask any overt attack methods as well.
Defenders will have to rely much more heavily on awareness technologies to understand the operational environment that they're protecting and change in that environment that heralds security events. They will also need much heavier automation to perform analysis of data coming out of the environment and to take action when security events happen in order to have response in relevant timeframes.
Host-based defenses will become critically important as the trends of rapid exploit development, client-side attacks and near-pervasive encryption combine to limit the effectiveness of intrusion prevention systems, firewalls and content-analysis systems.
|
