Rejoice - security is evolving after all
Shows are a good place to see how the industry is changing in the flesh.
By John E. Dunn | Published: 12:00, 05 April 2006
Infosecurity Europe has grown from a small show on the industrys sidelines to perhaps its best event, replacing much bigger but less satisfying UK shows in the process. In computing, where once big was good, and general the preferred theme, now its small and specialised that pulls in the audiences and sponsors.
That a show on security technologies should have become a notable date in the calendar would have sounded implausible only a decade ago. Computing is an industry founded on confidence, on using new technology to do things in new ways, and security is, on the face of it at least, about neither of these things. Traditionally, it has been seen as defensive, about locking down computing systems against misuse, but doing so in a relatively passive and additive way.
Luckily for all the people who now make their living selling security systems, the Internet suddenly became a public network, and went native. From being a tightly-controlled realm of academics and government, it was in a matter of a few short years turned into an anything-goes science lab for new ideas and products bolted atop a system designed for simple email exchange.
The Internet was supposed to the be the inter-network that could survive a nuclear war, but its a fair bet that nobody mentioned real-time video, teenagers making phone calls and P2P data networks in its founding prospectus, and thats only the traffic burden it has been asked to carry.
Making these exciting applications work to plan has turned out to be a bit more complicated that originally envisioned. In truth, computing was always heading for a show-down with security. Its emergence as a dominating theme is poorly explained using the tired metaphors of closing windows or locking doors. Many of computings best promises are simply undeliverable without properly integrated security.
With every new Infosecurity show, we learn a little more about how complex security is turning out to be. At the moment, and for the near future, security is a cost because it is a realm of engineering that needs to be added after the fact. For instance, firewalls are specialised devices that live in a little world all of their own, as are their ostensible replacement in the form of unified threat management devices (UTMs) just as software equivalents such as anti-virus or anti-spam are standalone programs. The future will look very different. The security function will be built into the very fabric of any device or program from the word go, and that alone will probably cut its cost compared to today by an unknown factor.
The old-fashioned packet sniffing function will probably be a single sub-unit on an all-purpose security chip that will carry out a host of security functions, most of them considered legacies from the way the world used to be. By that time, whole product areas we know today as discrete will have disappeared on to silicon never to be thought of again.
Perhaps, by the time this happens, the last frontier for security salesmen will be performance, which it is fair to say is still a problem for most security systems. No matter what the UTM people say, putting lots of security features on a single device without causing cost or performance problems is still a challenge. Security human as well as machine-driven - is even now a synonym for slow.
The challenge for the buyer is to keep up with the changes that are coming. A day at a show and a day at the same show a year later - is probably the first place to sharpen those senses.