Security Year in Review by Melisa LaBancz
The development of the security scene in 2002
In my opinion the security scene has gone from being very heavily virus and random hacker oriented to focusing on the possibility of cyberterrorism and internal/external massive hacks. We are seeing a lot less emphasis on virus scanners, although they are of course still critical, and a lot more emphasis on products centering on identification such as smart cards, biometrics, single sign on, and even functionality surrounding protocols that identify such as HIPPA, or SAML.
I’ve also observed an interesting trend toward individual right to privacy juxtaposed against this new battle for identifying people. Take forensics for example. Forensics are pervasive in that they can essentially mirror your every move on a computer or network and recover vast amounts of hidden/deleted/repartitioned data, and that is used to fight internal and external crimes. However, the public views this sort of technology as invasive and in some cases, feel it violates their basic human rights. I disagree, but that isn’t the point.
2002 saw a waning in the areas of PKI as a tool and watched it morph into more of a “solution”, an “added bonus” if you will.
Smartcards are and always have been a darling of the security market, but I didn’t see anything too fascinating in that arena, other than the continuing argument of the British in that they definitely do not want smartIDs and the implementation of the American Military SmartID program that the Department of Defense has been actively and successfully deploying.
Biometrics seem to be such a niche and cult thing that it’s hard for me to say that 2002 brought it any more glory than it originally had. There are large groups of believers in all forms of biometrics, and definitely they have their uses, but we do not, as a world, have the infrastructure in place to support it.
I saw a growth and interest in the areas of single sign on and forensics. Forensics have moved from being strictly law enforcement to having enterprise capability, and single sign on with both its authentication and authorization capabilities,(Such as Oblix’s products), are definitely paving the way for multi-connected and economical ways of e-living.
The events that marked this year
Events? Mostly the U.S.A.’s determination to form and implement successful homeland and cybersecurity teams. With the complete renovation of the FBI, CIA, and top security organizations, better and more cutting-edge technology is being deployed. The Bureaus are now reaching outside of their own walls and coming to industry for support and products that can help enhance and provide for the continued security of the U.S.
The ongoing Iraq investigations and the Afghan war. These are two highly compelling events that directly affect our security industry. Tracking of terrorists and keeping an “eye” on these folks is all done with state of the art technology.
An interesting item is the supercomputer in Japan. Now that there is computational power greater than anything the U.S. has done, there are fears that the U.S. will fall behind in critical defense objectives. I am taking a neutral stance on this because the supercomputer we’re speaking of requires massive support, environmental specializations, and maintenance to run. It’s not a feasibly easy weapon of war.
Also of note is the mass of identity theft busts that are occurring in the U.S. and abroad. All of this was made possible through the use of technology. Credit card companies are exploring biometrics, but again, the infrastructure isn’t there to support full scale implementation.
What 2003 will bring
I do think there will be a much heavier focus on internal investigative security products in 2003. Forensics are growing at a phenomenal speed with good reason. With the advent of Enterprise functionality, required internal audits are made much easier and more precise. Investigation into incidents and remote response to these incidents becomes a requirement of doing business.
I see further development in the area of single sign on and more usable examples of its implementation. I know its currently in use at AMEX but I think Universities and governments may want to explore that option.
I do see some form of National ID card becoming mandatory in the UK and the U.S., but I could be very wrong.
I believe that our security market has been completely over saturated with products. There are numerous suites, customizables, add-ons and supertools and it’s very confusing at times. I believe we will continue to see the death of mediocre vendors and the slow amputation of security analyst firms from our industry. More and more companies are turning toward capable staff to handle security issues and less and less are relying on the big analyst firms.