Revolution Or Evolution Exec Summary


Executive Summary only. Please let me know if you want the full report.


  1. Information security: Revolution or evolution? Information Security 2020: Executive Summary. Prepared by pwc
  2. About the Technology Strategy Board

     The Technology Strategy Board is a business-led executive non-departmental public body, established by the Government. Its role is to promote and support research into, and development and exploitation of, technology and innovation for the benefit of UK business, in order to increase economic growth and improve quality of life.

     About PricewaterhouseCoopers LLP

     PricewaterhouseCoopers LLP provides industry-focused assurance, tax and advisory services to build public trust and enhance value for our clients and their stakeholders. More than 163,000 people in 151 countries across our network share their thinking, experience and solutions to develop fresh perspectives and practical advice.
  3. About this roadmap

     This roadmap was commissioned by the Technology Strategy Board and jointly prepared with PricewaterhouseCoopers LLP (UK).

     The purpose of this roadmap is to set out the drivers that will shape the future Information Security environment to 2020 and beyond. This roadmap is to inform business leaders and security professionals alike, and sets out potential future scenarios and issues around information security, allowing the reader to draw implications and conclusions that apply to them.

     In preparing this roadmap we interviewed over 35 leading Information Security experts and business leaders across the private sector, academia and government to determine the key trends that are likely to impact Information Security to 2020. We subsequently held a workshop with over 40 experts to validate the trends and explore them in further detail.

     The research focuses on the commercial aspects of Information Security, but remains cognisant of trends in cyber security and warfare for military and intelligence applications. Our research primarily illustrates trends in the UK Information Security market, but the implications are relevant globally.

     We would like to thank the following organisations for their participation in the research: AstraZeneca, BBC, Birmingham University, British Business Federation Authority, BT, Chatham House, Cisco, Credit Suisse, Cyveillance, De Montfort University, Digital Systems Knowledge Transfer Network, European Information Society Group, Garlik, Hewlett Packard, IBM, IdenTrust, Information Commissioner’s Office, Information Security Forum, Kaspersky Lab, Lloyd’s of London, McAfee, Methods Consulting, National Grid, Ministry of Defence, Nokia, Office of Cyber Security, Oracle, PGP Encryption, QinetiQ, Queens University, Royal Holloway University, RSA, Security Innovation & Technology Consortium, Skype, Symantec, Technology Strategy Board, Travelex, Trend Micro, as well as several others who would prefer to remain anonymous.
  4. Executive summary

     Information Security is a much broader concept than technology. It relates to protecting information and information systems from unauthorised access, use, disclosure, disruption, modification or destruction. As the volume of information grows and continues to be increasingly stored and communicated in electronic form, Information Security is rapidly becoming intertwined with technology, and more specifically, the internet. This has given rise to the term Cyber Security and for it to be used interchangeably with Information Security.

     This roadmap is for business leaders and security professionals alike, and sets out potential future scenarios and issues around Information Security, allowing the reader to draw implications and conclusions that apply to them.
  5. Information Security, whilst being a very current and topical issue, is also an emerging sector that is undergoing significant change. The main suppliers shaping the Information Security industry are a converging group of technology vendors, system integrators, consultants and aerospace & defence companies. The available market research does not provide a consensus on the size of the IT security market, the best proxy for the Information Security market. The range of market research suggests that the IT security market is worth approximately £4-5bn per year in the UK and is growing strongly.

     Over the next decade, Information Security requirements will be driven by various macro level factors, such as globalisation, climate change, regulation and evolving demographics. These will present opportunities and risks for organisations in dealing with Information Security issues, and also companies providing Information Security products and services. There is likely to be a greater degree of segmentation within the Information Security market in the future as suppliers specialise to meet the needs of specific groups. For example, the rising importance of Information Security in the healthcare sector as services are increasingly provided electronically is likely to drive specific regulatory and technology requirements.

     Information Security is often considered to have three components; technology, processes and people. Technology has been a key aspect of Information Security in recent years, but increasingly, organisations are realising that processes and people are overlooked components when developing holistic approaches to Information Security. By 2020, there may be a reversion to technology being the key strand to Information Security, driven by significant increases in the volume of data, speed of processing and communication technology, and the emergence of more complex and automated threats.
  6. The research identified seven interrelated key trends that are likely to drive change in Information Security through to 2020 and beyond – see diagram overleaf. The first three trends relate to changes in technology, whilst the following three trends reflect changing patterns in how people use technology and the internet. Finally, trust and identity are universal themes which are intertwined with many of the prior trends. These trends have implications for organisations of all sizes, individuals, governments and the Information Security industry.

     The building blocks of modern communication technology are rapidly evolving and we see this change all around us. Televisions are blurring with computers, feature rich mobile devices are becoming more prevalent and fibre optic cables and wireless networks are enabling faster static and mobile broadband access. By 2020, ubiquitous devices will seamlessly and automatically interact with other devices around them, adapting functionality to their local environment and other objects in their proximity.

     The volume of private information being shared has escalated significantly over the last decade, particularly driven by social networking, and this is likely to continue. Additionally, the volume and value of transactions through electronic channels is expected to continue to rise. These trends suggest that cyber criminals will increasingly be willing to invest further resources in developing more sophisticated attacks.

     Regulation and standards will be important drivers of Information Security over the next decade, but will need to keep pace and evolve as technology and its uses develop. There is likely to be increasing pressure towards regulation in information security, with privacy and consent being a key driver.

     Proving identity and establishing trust are two of the greatest challenges identified in the research. In 2020 as people spend an increasing proportion of their time online, identity becomes a greater challenge because fewer interactions will be face-to-face, a greater volume of private information may be available online and new technologies could make it easier to impersonate individuals.
  7. Key trends impacting Information Security to 2020

     1 Infrastructure revolution
       • Increase in penetration of high speed broadband and wireless networks
       • Centralisation of computing resources and widespread adoption of cloud computing
       • Proliferation of IP (internet protocol) connected devices and growth in functionality
       • Improved global ICT (Information and Communications Technology) infrastructure enabling greater outsourcing
       • Device convergence and increasing modularisation of software components
       • Blurring work/personal life divide and ‘Bring Your Own’ approach to enterprise IT
       • Evolution in user interfaces and emergence of potentially disruptive technologies

     2 Data explosion
       • Greater sharing of sensitive data between organisations and individuals
       • A significant increase in visual data
       • More people connected globally
       • Greater automated traffic from devices
       • A multiplication of devices and applications generating traffic
       • A greater need for the classification of data

     3 An always-on, always-connected world
       • Greater connectivity between people driven by social networking and other platforms
       • Increasingly seamless connectivity between devices
       • Increasing information connectivity and data mining
       • Increased Critical National Infrastructure and public services connectivity

     4 Future finance
       • Rising levels of electronic and mobile commerce and banking
       • Development of new banking models
       • Growth in new payment models
       • Emergence of digital cash

     5 Tougher regulation and standards
       • Increasing regulation relating to privacy and information
       • Increasing standards on Information Security
       • Globalisation and net neutrality as opposing forces to regulation and standardisation

     6 Multiple internets
       • Greater censorship
       • Political motivations driving new state/regional internets
       • New and more secure internets
       • Closed social networks
       • Growth in paid content

     7 New identity and trust
       • The effectiveness of current identity concepts continues to decline
       • Identity becomes increasingly important in the move from perimeter to information based security models
       • New models of trust develop for people, infrastructure, including devices, and data

     Key longer term drivers
       • Globalisation
       • Increased focus on climate change
       • Shifting global economic centres
       • Changing demographics
       • Increasing regulation / governance
       • Increasing reliance on technology
       • Changing attitudes towards privacy
       • Evolving work / home balance
  8. The research indicated that there is a need for a proactive approach to Information Security from all stakeholders given the rising complexity and volume of threats.

     Organisations should ensure that approaches to Information Security are holistic and consider technology, processes and people. Approaches need to adapt to rapidly changing threats and technology, and also to changes in regulations and standards. However, it is important that organisations also focus on aspects of Information Security that are not necessarily driven by regulation and standards, for example, protecting commercially sensitive information or intellectual property.

     Increasing focus on Information Security could also provide competitive advantage. Organisations that have effective Information Security in place could increasingly attract consumers to use their products/services. Information Security could also provide opportunities to sell products/services through new channels or interact with customers in new ways that are not possible today due to concerns about privacy and consent.

     Organisations need to consider both the potential benefits and costs of their approach to Information Security with a holistic approach like the ‘Total Lifecycle Cost of Information Security’ model shown overleaf. This illustration demonstrates the potential long term impact of two different approaches to Information Security.

     In the first scenario, the organisation does not have an appropriate approach to Information Security. It then suffers from an ‘event’ which causes cost to the organisation in the form of increased spending on Information Security solutions, loss of intellectual property, loss of market share and hence income, and damage to its brand.

     In the second scenario, the organisation takes a more proactive approach to Information Security. It invests in Information Security solutions and benefits from greater trust from its customers and gains in market share, higher price points relative to its peers and agility in adapting its Information Security approach to market changes. In this example, the organisation could be replaced with an industry, country or even a region.
  9. There are many uncertainties with respect to how Information Security will evolve over the next decade. However, it is certain that new Information Security requirements will require businesses to innovate to develop new products and services. This will provide opportunities both for businesses, to develop new business models and generate competitive advantage and for financial investors alike. It will also stimulate economic growth through consumption and exports, and make the UK a safer place to do business.

     Are you up to the challenge?

     Figure 1: The cost of inaction – two illustrative scenarios for an organisation’s approach to Information Security

     [Chart: Total Lifecycle Cost of Information Security, 2010 to 2020. Curves: ‘Reactive’ approach and ‘Proactive’ approach. Annotations: Key event; Cost of inaction.]

     Definition

     Total Lifecycle Cost of Information Security = Lifecycle costs of deploying and operating security solutions + Reputational value + Intellectual Property value + Operational effectiveness + Financial impact of incidents

     Lifecycle costs of deploying and operating security solutions
       • Hardware / software solutions
       • Training
       • Consultancy costs
       • People costs

     Reputational value
       • Brand volume
       • Customer satisfaction/confidence

     Intellectual Property value
       • R&D information
       • Customer databases
       • Competitive information

     Operational effectiveness
       • Productivity
       • Ability to service customers
       • Cost to serve customers

     Financial impact of incidents
       • Direct financial loss from attack
  10. For further information about this roadmap contact:

     • Andrew Tyrer, Leader, Network Security Innovation Platform, Technology Strategy Board
     • Paul Lewis, Lead Technologist, Network Security Innovation Platform, Technology Strategy Board
     • Neil Hampson, Partner, Strategy, PricewaterhouseCoopers LLP (UK)
     • Barry Jaber, Assistant Director, Strategy, PricewaterhouseCoopers LLP (UK)
     • William Beer, Director, OneSecurity, PricewaterhouseCoopers LLP (UK)

     We would also like to acknowledge the contribution of Greg Bacon (PwC), Jason Creasey (ISF) and Andrew Wilson (PwC).

     For information on the Technology Strategy Board:
     For information on PricewaterhouseCoopers LLP:

     This report has been prepared by the Technology Strategy Board together with PricewaterhouseCoopers LLP, UK (“PwC”) for Technology Strategy Board under the terms of the engagement contract with PwC dated 31st March 2010 (the “Engagement”). This report is for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this report without obtaining specific professional advice. This report contains information obtained or derived from a variety of sources (as indicated within the report). PwC has not sought to establish the reliability of those sources or verified the information so provided. Accordingly no representation or warranty of any kind (whether express or implied) is given by PwC to any person (except to the Technology Strategy Board under the relevant terms of the Engagement) as to the accuracy or completeness of the information in this report. PwC accepts no duty of care to any person (except to the Technology Strategy Board under the relevant terms of the Engagement) for the preparation of the report. Accordingly, regardless of the form of action, whether in contract, tort or otherwise, and to the extent permitted by applicable law, PwC accepts no liability of any kind and disclaims all responsibility for the consequences of any person (other than the Technology Strategy Board on the above basis) acting or refraining to act in reliance on the report or any information contained in the report or for any decisions made or not made which are based upon this report or information therein. The quotes in this report reflect the views of the individuals and are not necessarily the views of their organisations.

     © Technology Strategy Board, 2010. Publication: T10/037