The future of IT Security

In my previous post I scrutinized the factors that stirred up the development of the WWW as we know it today and that led to a boom in cybercrime. In this post I will outline what is the stake for users, security vendors and governments.

The end-user’s need for protection has increased and steered from a static and machine-centered approach towards a network-driven and on-line oriented philosophy. Security vendors have acted accordingly by re-designing and engineering the old and, to some extent, simplistic antivirus solutions into more comprehensive defensive suites with highly customizable modules which fit everybody’s needs for protection (firewalls, content filters, phishing and spam shields, privacy and sensitive data protection, parental and application control, network management, e-mail and instant messaging encryption, etc.). Probably the most spectacular development is to be found in the so-called “in-the-cloud” solutions, which are somehow the direct result or offspring (if we may call it so) of exactly the same principles and architecture behind the WWW.

In their turn, governments across the world have understood that IT&C security is no longer an individual or private issue. The recent Digital Agenda released by the European Commission emphasizes that digital security aims at maximizing the potential of technologies so as to fuel job creation, sustainability and social inclusion. The document clearly states that “users must be safe and secure when they connect online” and that “just like in the physical world, cybercrime cannot be tolerated”, although it admits that “IT networks and end users’ terminals remain vulnerable to a wide range of evolving threats”. One direction in which these threats evolve is that of politically motivated acts, as shown by the recent cases of Estonia, Lithuania and Georgia.

In the years to come, the EU envisages the creation of a strategy on identity management, notably for secure and effective e-Government services, of a consolidated Network and Information Security Policy, including legislative initiatives such as a modernized European Network and Information Security Agency (ENISA), and the setting up of measures allowing for a faster response in the event of cyber attacks. This includes establishing a Computer Emergency Response Team (CERT) for the EU institutions, related rules on jurisdiction in cyberspace at European and international levels by 2013, as well as a European cybercrime platform by 2012 and a European cybercrime centre. In other words, this is a quest for transnational (and, to some extent global) means and instruments to regain an equilibrium as, in my opinion, the balance has been more on the cybercrime side so far.

In an age where the mass production and accessibility of computers have turned these devices into regular household commodities, and where smart phones, netbooks and other gadgets link billions of people every day via Wi-Fi or 3G for simple e-mail exchange, e-commerce or for e-banking transactions, sensitive data and money are transferred back and forth in the e-trading of real and virtual assets and services on the declining markets and tormented stock exchanges of the current economic turmoil. In my opinion, it is most likely that the future will continue to be a race against the clock between two major competitors. On the one side, the cybercriminals – looking to maximize their profits. On the other side, three categories of cybercrime antagonists: the security vendors – developing technologies and concentrating on innovative countermeasures, the end-users – demanding more robust platforms, increasing their level of awareness and security proficiency, and governments – searching to create more agile frameworks and a reliable infrastructure to fight and prevent cybercrime.

Safe surfing everybody!

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of their respective owners.