Is there a short list of ‘black swan’ turning-point events that – if they occur – can cause massive, disruptive changes in the security industry?
Security today is largely a reactive industry that tends to evolve slowly in response to changing IT practices and demands. Really significant change, however, is often spurred by rare and random events.
Here’s a look at some key ‘black swan’ events that could radically shake up the security industry:
One of the more highly discussed possibilities is cyber-war, and many countries may already be preparing for one.
If we assume a cyber-war would be a widespread, sustained event that affects general businesses and populations – one that is more targeted and attributable than today’s cyber-attacks – then security vendors will almost certainly step up their technology development and marketing to defense agencies and contractors.
Vendors with a multinational presence may find themselves dealing with fault lines in their deployment, as nation-states pull further apart. The provenance of your company’s security technology will become a much greater concern.
Availability is a key factor in security.
There are many instances where cascading failures within one business can affect its customers, and where regional disasters can take out local infrastructure.
But a really big disaster that cuts across multiple public cloud datacenters, telcos, or other network and hosting providers could change the practice of siloed security, where it’s normally ‘every organization for itself.’
A widespread, long-term outage that requires organizations to temporarily move to new hosting providers would, for example, mean that these new tenants would have to adopt the existing security infrastructure and practices in place there. Consequently, security portability would suddenly become a very hot topic.
Cyber-attacks have already been launched that could be labeled as terrorism, depending on your point of view. The 2010 Stuxnet virus, for example, was a deliberate attempt to destroy the nuclear capabilities of a nation.
A terrorist cyber-attack that was clearly attributable, with the purpose of terrorizing a specific population, would once again change dynamics within the security industry.
Both enterprises and consumers would focus on those security technologies that offer the most promise of protection, and users would place high demands on vendors to fulfill those promises. Terrorist attacks resulting in widespread, cross-vertical outages would likely provoke the same changes as those for a natural disaster.
Cascading, Cross-Provider Failures
As infrastructure becomes more interdependent, it also becomes more vulnerable to cross-provider failures.
Cascading failures across providers suddenly become possible, even when they aren’t a product of a natural disaster, but simply a ‘perfect storm’ of programming errors and unnoticed fragility. A domino effect of provider outages could lead to a greater examination of shared infrastructure dependencies.
Such vulnerabilities are already making headlines – the 2014 Heartbleed bug in OpenSSL, for example – since they affect organizations globally.
These vulnerabilities could become a much bigger problem if an exploitable flaw is used to start a chain of denial-of-service (DoS/DDoS) events across multiple providers.
Similarly, the impact of any legislation that increases the liability of organizations or security vendors would be profound. The ‘good’ news is that the nature of such legislation would probably be limited (by nation, region, industry or technology) – but if successful, it could spread.
In the litigious United States, for example, the cost to security providers could skyrocket – not just because of increased insurance premiums, but in technology and user-interface design as well.
Making security products more objectively ‘efficacious’ and ‘foolproof’ than they are today will take a lot of work. Moreover, doing so might slow down the development of startups in the security industry as smaller companies quickly seek shelter with larger ones that can afford to defend against lawsuits.
Most of these ‘black swan’ scenarios focus on availability as a core component. While there are other disruptive events that could change requirements for integrity and confidentiality, we don’t see them as being as catastrophic.
While the Snowden leaks caused lots of discussion and hand-wringing, they haven’t yet led to wholesale changes in the security industry. But we believe significant change can and will be spurred by rare and random events, many of which are likely to center around availability.
Source: 451 Alliance (451research.com)