The IT technologies are changing from closed on premise infrastructure to cloud platform. Security is no longer segregated trusted zone but more zero trust approach. What will happen in 2025 of Information Security industry? Any focusing areas and new opportunities? Here’s my point of view.
- Secure the cloud
There are still many companies and industries with traditional IT architecture relying on on premise system. Edge firewalls, and complicated Internet Gateways are their core multiple layers of security defence. It is a long journey for them to move into Cloud.
Within Cloud, Security needs to help business ensure at least same level of C.I.A (Confidentiality, Integrity, Availability). Security also needs to prove adequate controls can be applied.
The challenge in Cloud is the separation of role and responsibility between Cloud provider and customer for the security protection. And to gain visibility, to detect abnormality in the new technologies environment.
So in the next five years, it is still the focusing areas for security industry to secure the Cloud. We need new security technologies and tools for the GRC in Cloud and secure Engineering in Cloud.
- AI – Angel or Evil?
I strongly believe AI will be the next big technological shift after Internet economy, Cloud and Big data. AI is Artificial Intelligence to let computer and machine to have human-like abilities of hearing, seeing, reasoning, and learning. It will dramatically grant machine abilities of problem solving and big data analyzing.
It can definitely help human being from all the aspects. Regarding the security domains, AI will facilitate SIEM like log analytics solution into next smart and self-awareness level. AI can help security Operation teams to detect and defend cyber security attacks at much earlier stage and more efficient.
With AI, people can study encrypted traffic from another angle – pattern. For the traffic and content monitoring perspective, it is no longer required to fully decrypt the traffic but still be able to ‘guess’ the possible activity within the encrypted traffic. This is a double-edged sword, can be helpful for security researchers, but also can harm the foundation of security. Especially some encryption algorithms.
Because AI is armed with unlimited computing power, big and huge amount of data processing is its strength. While symmetric encryption is more rely on the difficulty and time consuming of computer, this is not a challenge for AI anymore. They use hackers’ knowledge and learn to how hackers think, they can combine brute force attacks with all sources of dictionary attacks and even social engineering to conquer a target.
The revolution of encryption and anonymity will have a big needs in the next 5 years with the widely use of AI. So is AI good or bad for security?
- Conflict in Privacy
People already feel eager of privacy protection. More and more people cares what information and personal data is shared when using applications. IT guys like to tweak with the privacy settings in each system and application in order to limit the information to be disclosed. Some laws have been setup (GDPR) to mandatory require every company to take responsibility for the privacy protection. Nowadays, lot of people know that should disallow doggy application to access contact lists, location info and photos.
However, almost every company, every applications want your privacy data. They hope you use their cloud storage, they hope you store your real data, such as photos, memos, todo list, email, IMs etc into their infrastructure. So that they can gain revenue based on your info. They can analyse your habits and interest then push targeted advertisement and service to you. Sometimes, they know you better than your partner.
The reality is cruel. While individual is trying to fight for the privacy rights, government sometimes invades personal privacy with the excuse of national security. Government use new technologies, especially big data and AI to monitor public audience and trace targeted person.
Where we can escape?
Any new ways we can keep our privacy in 2025?