Security: The great privacy compromise

No magic technology bullet will solve the ongoing crisis in enterprise security. The answer is political -- and a long way off

Security will remain at its current pathetic level or worse during the next 5 to 10 years. The next big thing is a long way off, primarily for cultural rather than technical reasons.

Until then, I can confidently predict that every new security product introduced to protect you will fail miserably. Criminals will continue to hack at will and almost never get caught. Whatever defenses are envisioned and deployed, malicious exploits will bypass them. It's not a pretty picture, but it's a pretty sure bet.

At some point, with way too much pain and blood on the ground, we will decide to solve the real problem: the pervasiveness of anonymity. Think of almost any Internet security problem (outside of encryption for confidentiality) and default, pervasive authentication would fix it. There'd be better authentication of our computers, hardware, booting, OS, and applications, as well as authentication and identification of who sent what network packet, from beginning to end.

As for end-user authentication, biometrics will finally gain critical mass. For passwords to be secure, they must be complex and 8 or more characters long. But soon 8 characters won't be enough, and it will take 10 complex characters to be relatively secure, with more frequent password changes. That's why biometrics and two-factor solutions will become standard in the corporate environment over the next 5 years. Online banks, stock trading sites, and other financial institutions will require two-factor tokens. Most governments will mandate biometric identification to obtain services.

Computers and all network devices will become better identified using pervasive trust mechanisms. Receivers of network packets will be able to trace all network packets and connections (egress and ingress) back to their origination.

Privacy advocates will protest the default authentication built into everything using a computer chip. But the benefits promised by corporations and the government ("We can help you locate your children if they are kidnapped") will make consumers beg for the intrusion. Privacy advocates who don't wish to be "chipped" will use their own version of the Internet and take their chances in a Wild West-style environment much like the one we suffer today.

Meanwhile, in the safe confines of an Internet transformed by pervasive authentication, malicious hackers will have a hard time escaping capture. The increased protections provided by more secure identity and authentication mechanisms will make malicious hacking too arduous to be profitable anymore. In exchange for compromising on privacy, the online experience will finally be a safe one.
