The document discusses future security challenges at the ZACon conference. It summarizes opinions that information security problems have persisted for 25 years and hacking capabilities now exceed anti-virus budgets. It then explores emerging security frontiers like the semantic web, social networking, human-machine interfaces, virtual worlds, and technologies that are already here like service-oriented architectures and cloud computing. Each new development exceeds our current capacity to secure systems and properly manage related data and risks. The document calls for a risk-based progression in security as new technologies evolve.

1. Future Security
ZACon Conference
A Olivier
anthony.desmond.olivier@gmail.com
Twitter: anthonyolivier
www.discussIT.co.za

2. Opinions
“We have had the same Information Security problems for 25 years. We
still haven’t solved them”
“For $200.000 dollars you can hire the hacking team that will crack
anything. That’s less than the average American bank’s Anti Virus
budget”
“We are being overwhelmed by governance”
“The complexity of new IT systems exceeds our capacities to secure them”

3. The security cost curve?
This is the
security
frontier
Operations New Opportunity cost
Process Process Process
Data Data Data
Applications Applications Applications
Systems Systems Systems
Perimeter Perimeter Perimeter

4. `The Frontier: Semantic Web
The Semantic Web is an evolving development of
the World Wide Web in which the meaning
(semantics) of information and services on the web is
defined, making it possible for the web to understand
and satisfy the requests of people and machines to use
the web content
(wikipedia)

5. The Frontier: Social
Networking
! Gartner predictions:
! By 2012 more than half the people we communicate with in
our personal lives we will never have met face to face
! By 2012 Social Networking tools will have superseded eMail
for personal communications
! New developments: Google Wave, Twitter Lists, search from
Google and Bing
! Legal implications unclear – what Wave document is legal?
! Targeted SN attacks – while the individual gives away
information. Privacy – yesterday Google modified their
dashboard to provide users with privacy controls

6. The Frontier: Man Machine
Interface
! Shift towards more natural interface, with implications
for an “engaged network”
! Microsoft Surface
! Microsoft Natal
! Emotiv
! Nike Run
! Information collection capabilities exceed our ability to
manage the data about us (notwithstanding Google’s
efforts)

7. The Frontier: Virtual Worlds
! Virtual worlds most likely to evolve into business
focused tools: Toyota, Wells Fargo, IBM, Cisco et al
! Money laundering
! Revenue streams: the hairdressers of the virtual world
! Virtual worlds hint at a new reality: the intersection of
technologies in which multiple personalities in
multiple contexts become the norm.

8. The Frontier: Already Here
! Service Oriented Architectures:
! Existing standards (WSS) address only part of the problem
! Consider the privacy issues surfaced by Google Street Level
View
! Where does mashup liability reside
! Cloud computing:
! Economics will drive IT into the cloud
! Publicized security failures already: companies will be driven
to lower their guards in order to remain competitive.

9. A Risk-Based Progression
Restrictions

10. Debate