That's the name of my new column in the ISSA Journal. My first column is entitled "Security for the Next Decade." Here is an excerpt of how I think security will be changing over the long term:
- Conscientious software – talk about software liability is absolutely destructive. But there is no reason software vendors shouldn’t be doing a better job of describing their software in some sort of machine-readable language that could be used by host intrusion prevention solutions (that already do this) or even by the software itself to self-regulate.
- Remote attestation – I hope every time you hear about Web 2.0, service-oriented architecture, virtualization, grid computing, and other buzzwords that you are concluding that remote attestation, using cryptographic verification of integrity and authenticity, is a near-term requirement. (Yes, PKI lives, and Palladium, too.)
- Microsecurity – To heck with generalized, coarse controls. We need to design scalable models to address the most fine-grained, detailed security policies ever.
- Contextual mapping – Men, beware, there is no driving without maps, but GPS is NOT cheating. All of this flexibility in architectures is going to make the management of contexts crucial to the success of a security program.
- Hyperdynamic processing – Darn straight I am making this name up. What do you get when you combine VMware’s VMotion with address space layout randomization (ASLR)? Well, hyperdynamic processing, of course! Think about stable, transaction-oriented sessions (can I say that?) running in random locations across the Internet providing protection against lower-layer targeted attacks while maintaining a stable application environment.
Want some context? Check out the magazine or log in (ISSA members) at the website.