Friday 27 April 2007

A Brief History of the Future.

Joshua led the Israelites 7 times around the ancient city of Jericho until the walls came down. Joshua was a man after my own heart. I would gladly walk 7 times around every firewall in the world if it would make them crumble to dust. Once again however, I digress.

The aim of the Jericho Forum is to promote business by taking away the hard outer layers of perimeter security that are ubiquitous these days. Some people can't see this ever happening, and, like the people who believed so strongly that the world was flat, they resort to name-calling and snorting to prove their point (sorry this is such an old article, but it's still the 5th entry on Google when searching for "Jericho Forum", number 3 being a discussion board for the TV series Jericho. Doh!)

Deperimeterisation is a very long word, but it makes such a lot of sense if you spell it right. I'm beginning to see it happen already. I talked previously about AppGate and Secerno; these are both a step towards creating better security at the app and db levels. I've seen some fabulous security this week: firewalls are being incorporated into UTM devices fairly universally now, and this is a great way to get rid of them altogether.

Once UTMs have replaced all the firewalls we will be left with proper devices at the perimeter which filter out all the crap and leave you with something clean to go through your network. However, why then would we leave them at the perimeter? Network devices are only ever applications working inside a box. Why not make this security travel with each transaction, or at least build it into your apps, make it data-centric rather than network-centric...
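To make the network-centric versus data-centric contrast concrete, here is an added example (not from the original post) that puts the two trust models side by side: one decides on where a request came from, the other on what the transaction itself carries. The client key table, the trusted network range and the HMAC-over-JSON format are constructed assumptions for illustration only.

```python
import hashlib
import hmac
import ipaddress
import json

# Constructed sample data (assumption): one shared key per client identity.
# A real deployment would anchor this in PKI rather than shared secrets.
CLIENT_KEYS = {"client-a": b"constructed-secret-key-a"}
# Constructed "inside the perimeter" range for the network-centric check.
TRUSTED_NET = ipaddress.ip_network("10.0.0.0/8")


def network_centric_allow(src_ip: str) -> bool:
    """Perimeter model: trust is a property of where the packet arrived from."""
    return ipaddress.ip_address(src_ip) in TRUSTED_NET


def sign_transaction(client_id: str, payload: dict, key: bytes) -> dict:
    """Attach an HMAC-SHA256 tag so the transaction carries its own proof of origin."""
    body = json.dumps({"client": client_id, "payload": payload}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def data_centric_allow(tx: dict) -> bool:
    """Deperimeterised model: trust is a property of the transaction, not the network.

    Verifies the tag against the named client's key; any malformed, unknown-client
    or tampered transaction is rejected regardless of the source address.
    """
    try:
        doc = json.loads(tx["body"])
        key = CLIENT_KEYS[doc["client"]]
        tag = tx["tag"]
    except (KeyError, ValueError, TypeError):
        return False
    expected = hmac.new(key, tx["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    tx = sign_transaction("client-a", {"amount": 10}, CLIENT_KEYS["client-a"])
    # A forged message from inside the trusted range passes the perimeter check
    # but fails the data-centric check; a genuine one from outside does the reverse.
    print("perimeter, inside, forged :", network_centric_allow("10.1.2.3"))
    print("data-centric, forged      :", data_centric_allow({"body": tx["body"], "tag": "00"}))
    print("perimeter, outside, signed:", network_centric_allow("203.0.113.5"))
    print("data-centric, signed      :", data_centric_allow(tx))
```

The same verification runs identically at the edge, on a host, or inside the application, which is the sense in which the check "travels with the transaction".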

UTM is the first step. AppGate have seen this already; Hoff over at Crossbeam also knows this, and is cashing in. F5, who I am a great fan of, have been breaking into the same space for a while, as have Juniper, Bluecoat, etc, etc.

Computers are becoming powerful enough to be basically a network in a box, but still want to connect to each other. It's becoming like the internet in the early seventies again, just a collection of connected points without concentrated private networks. There are a hell of a lot more of them, but the principle is the same.

In this scenario, the perimeter is dispersed or non-existent, so there's no way of telling where it is in order to protect it, and this is how it should be: security should have as few variables as possible to ensure ubiquity and uniformity. This makes business easier, and now that we have open standards for communicating, this is possible to do securely, unlike in the 70s.

We still have to educate the users: security will one day boil down to best practices and learning how to be safe, as the technology becomes reasonably standard across the board. We will see more platforms and frameworks for building security on, like UNP, and more standards (SOA, web services, XML), until there are no longer any huge advances to be made or huge margins to be gained. This is long after the Semantic Web of course, and way into the future.

The new billionaires will be the inventors of the next "next big thing", which will leave us all kicking ourselves that we hadn't thought of it of course, and the world will change again.

(Better than Hawking any day.)
