Aside from all the ugly new terms coined to describe the phenomena, the evolution of security is one of the most under-appreciated stories of the decade. The next decade is going to be even more important to how we live our lives:
There’s really no such thing as security in the abstract. Security can only be defined in relation to something else. You’re secure from something or against something. In the next 10 years, the traditional definition of IT security — that it protects you from hackers, criminals, and other bad guys — will undergo a radical shift. Instead of protecting you from the bad guys, it will increasingly protect businesses and their business models from you.
Ten years ago, the big conceptual change in IT security was deperimeterization. A wordlike grouping of 18 letters with both a prefix and a suffix, it has to be the ugliest word our industry invented. The concept, though — the dissolution of the strict boundaries between the internal and external network — was both real and important.
So, that was then. This is now:
Today, two other conceptual changes matter. The first is consumerization. Another ponderous invented word, it’s the idea that consumers get the cool new gadgets first, and demand to do their work on them. Employees already have their laptops configured just the way they like them, and they don’t want another one just for getting through the corporate VPN. They’re already reading their mail on their BlackBerrys or iPads. They already have a home computer, and it’s cooler than the standard issue IT department machine. Network administrators are increasingly losing control over clients.
This trend will only increase. Consumer devices will become trendier, cheaper, and more integrated; and younger people are already used to using their own stuff on their school networks. It’s a recapitulation of the PC revolution. The centralized computer center concept was shaken by people buying PCs to run VisiCalc; now it’s iPads and Android smart phones.
I’ve certainly noticed this myself: it was forced to my attention a couple of years ago, when a change of employment required me to buy and maintain my own “business” computer and software. Without seriously stressing my wallet, I was able to buy far more capable equipment than my previous employer had provided. Being able to check my email on multiple devices was very important, and once I’d started doing that, I realized the need to do many other things regardless of the machine I happened to be using. There are, of course, trade-offs involved:
The second conceptual change comes from cloud computing: our increasing tendency to store our data elsewhere. Call it decentralization: our email, photos, books, music, and documents are stored somewhere, and accessible to us through our consumer devices. The younger you are, the more you expect to get your digital stuff on the closest screen available. This is an important trend, because it signals the end of the hardware and operating system battles we’ve all lived with. Windows vs. Mac doesn’t matter when all you need is a web browser. Computers become temporary; user backup becomes irrelevant. It’s all out there somewhere — and users are increasingly losing control over their data.
Anyway, there’s lots more interesting stuff. Go read the whole thing.
