Society only needs to look back a few decades to see a time when computers were so basic as to be unrecognisable. Technological advancement was slow and as such, security and network protocols were basic.
This historic pace has impacted every area of computing as no one envisaged the growth or current state of technology. Today, millennials are growing up with no knowledge of dial up internet or phones that aren’t smart. For them, a Wi-Fi black spot is the underground or a flight.
However, the protocols used to govern our security are still rooted in the older, slower, simpler computing age. We are all aware of how much has changed, and yet, the security industry hasn’t adapted its approach. Have we left the past behind? Honestly, the answer is no.
>See also: Cyber security from a hacker’s perspective
Meeting increasing complexity
Of course, it’s easy to point at obvious mistakes with the benefit of hindsight, but those who created protocols 30 years ago had no idea that advancements such as wireless networking would be possible, never mind mainstream.
Today’s computing landscape is incredibly complex, and this will only increase in the coming years. Protocols being developed today have to imagine the direction today’s technology is moving in and predict what might happen in the future.
For example, with the concept of blockchain, mesh networking and wireless broadcast networking, how does this affect a protocol? How is the long-term safety of users affected?
The exact same needs should be considered for trends such as IoT and the consumerisation of IT. In order to meet demands, security professionals must stop looking backwards to what has happened and start imagining the future needs and the best route to fulfil them.
There are lots of flaws left over that lend themselves to exploitation – proving that businesses need to stop looking backwards. The patches are exactly that: a patch. They look like band-aids or duct-tape rather than complete or authoritative repairs.
Most businesses instinctively know that the current protocols won’t meet their needs in the future but persistently follow the old route instead of attempting to create something new.
Software is art
It’s easy to say ‘predict the future’ but it’s impossible to actually do it. The tricky part is imaging a network protocol in 20 years – how can the current, impressive technology be moved forward? There are little pieces to it, and those who wrote wireless protocols should consider what they would have done differently as a starting point.
Additionally, the most vital consideration for any developer is what are customers seeing and demanding? How can this learning be applied to everybody?
>See also: IoT boom and GDPR raise the stakes of a cyber security breach
Then consider the overall picture. There’s a beauty to code; it has a symmetry and complexity that is beautiful when you know what you’re looking at. Like a painter with a canvass, what can be painted is limited to the artist’s mind and vision.
For a security developer, if they can dream things then they can create their vision for more comprehensive security. Creating and imagining are the fun parts of the research and development process.
One of the benefits of the quick pace of change in today’s technology adoption is the ability to try something new and move on if it doesn’t work. While a long term, robust implementation is obviously the goal for all developers, organisations have the ability to model, test and deploy rapidly, so they should be taking advantage of this.
In examining today and tomorrow’s needs and not looking backwards, the industry will be in a better place to plot a course for comprehensive, robust security protocols which will still be relevant in the next ten, even 20 years.
Sourced from Barrett Lyon, head of research and development, Neustar