This week at the annual RSA Conference, we will hear from industry leaders on a wide range of issues, from the supply chain security crisis to breach disclosure notifications. While it’s important to talk about where we have been and what is happening in the industry right now, it is equally as important to think about where we need to go.
At Google, that means creating a safer Internet that is more secure for the next billion users.
In order to create a safer Internet, our engineers, technologists and product teams look at what we know today and think about how it will change tomorrow – from analyzing trends in attacker methods, to shifts in the threat landscape, to new technologies – and we use those insights to chart the path ahead.
We recently asked security experts across Google to telegraph the future of security, here’s a glimpse at their insights:
What do you think the biggest security challenge will be in 10 years?
“Shifting the focus of security from the technical hygiene of code and configuration to self defending data will save time and resources while unlocking rapid and safe innovation.
Defense in depth and the control design we have learned from engineering methodologies will finally catch up to the dynamic nature of software. The better analogies will become biological - the immune system or the combination of organ systems like circulatory and respiratory. Independent and constantly evolving but stronger operating together in the same superorganism.” - Royal Hansen, Vice President, Security
“Developing a global, unified framework for operating in cyberspace will be the biggest security challenge we face in 10 years.
Data points to the positive effects of standards on innovation and collaboration, specifically through increased interoperability and reduced information inequality. We need to rethink how digital security standards are developed and operationalized, with an emphasis on the root challenge we seek to solve.” - Camille Stewart, Global Head of Product Security Strategy, Google
“Securing open source software will be the biggest security challenge we face in 10 years.
Over the next decade, the heavy use of open source software by billions of devices that fall into the ‘Internet of Things’ category, will cause the number of vulnerabilities to scale dramatically and outpace our ability to fix them before they are exploited.
For too long it has been assumed that open source software is inherently more secure due to its openness – the thought that multiple people were using it, reviewing it and verifying it. That mindset must shift. “ - Vint Cerf, Chief Internet Evangelist
“Complexity will be the greatest challenge we face.
So much of what we have to secure are systems made up of other systems. All of those seams increase the opportunity for attacks. This will only ring more true in 10 years when there are projected to be over 25 billion connected devices.” - Toni Gidwani, Security Engineering Manager, Threat Analysis Group
Where do you think the security industry will be in 10 years?
“Phishing will no longer be a successful attack vector for bad actors. Passwords will be a thing of the past as we see widespread adoption of a secure by default framework.
Our advancements in authentication and verification technology will completely transform how users sign in to their accounts, moving from a sea of passwords to continuous, device-based authentication that seamlessly connects us to our content wherever we are." - Mark Risher, Director of Product Management, Identity and User Security
“Security will be nearly invisible for all users and many of the standalone security tools will disappear. This will be a result of advanced security technologies being built into devices and platforms by default, instead of bolted on as an afterthought.
We will also see computing platforms based on simpler, similar models that will make them easier to protect, update and support – leading to democratization of security operations and ultimately breaking down the security talent shortage problem.” - Sunil Potti, Vice President and General Manager of Cloud Security
“In 10 years, Private Computing will be ubiquitous.
Most folks are aware of end-to-end encryption in private messaging and documents — this allows users to retain exclusive control over their private information and reduces risk from breaches and attacks, including ransomware. But the same concept applies to most aspects of personal digital technology, from home healthcare to photos to your private social network feeds. Delivering helpful, delightful, and safe user experiences - within the Private Computing model - is arguably the most important challenge for the tech world to embrace, today.” - Dave Kleidermacher, Vice President, Engineering, Android Security & Privacy
If you could make one immediate change to security what would it be?
“Risk transparency – organizations need real-time business context for security data.
Mapping security issues to business context to determine a risk level is a time consuming process. This delay ultimately leaves organizations at more risk for a security incident.
The good news is that change is on the horizon. Cloud makes risk transparency easier today, from well-lit security paths, declarative approaches like configuration as code and more precise inventories and diagnostics.” - Phil Venables, Chief Information Security Officer at Google Cloud
“Expedite IT modernization across governments globally to keep pace with the evolving threat landscape.
Achieving this would improve productivity, increase costs savings, enhance performance and ensure security every step of the way. Rather than continuing to invest in outdated security models, it’s time governments around the world explored options like a multi-vendor ecosystem and zero-trust security principles that allow for flexibility and innovation.” - Jeanette Manfra, Director for Risk and Compliance at Google Cloud
“Build security and digital literacy into the curriculum of every school program globally.
We need to solve the lack of understanding of the complex digital ecosystems in which we live our lives and address the cybersecurity skills and talent gap.” - Mark Johnston, Head of Security at Google Cloud , Asia- Pacific
“If I could make an immediate change to security, I'd have end user security and privacy be a requirement for all devices.
There aren't exceptions made for early versions or the less expensive product, security and privacy is a requirement, just like seat belts in cars.” - Maddie Stone, Security Researcher, Project Zero