At RSA Conference APJ this year, Art Coviello’s opening keynote stressed the interdependency of the digital world we have created. He articulated the challenges the security industry faces as the norms of behavior for nations, businesses and people in the digital world are still painfully ambiguous. The “rich soil of digital chaos” is being tilled by many. While we have collectively input into the building of this digital world, we now approach the increasing ‘interdependencies we have created with fear and trepidation’. The dissolution of Trust bred by recent revelations is already beginning to radically impact the Digital Age. Amit Yoran followed Art with further exploration on how organizations’ Cyber Security functions must respond to this ‘digital chaos’. He painted a picture of using visibility, analytics and action as the basis for Intelligence Driven Security with robust, agile capabilities to ‘wage a near real-time battle against the adversary.’
These talks drove me to consider what our digital universe will be in the future. Most often we discuss the changes in our digital world as an Evolution. Some may say Revolution (borrowing from the Industrial Revolution) but I hear the world “evolve” so often when it comes to IT, Security, GRC and anything cyber related. Technology is evolving; the adversary is evolving; compliance is evolving… To me Evolution boils down to ‘survival of the fittest’. While there are definitely elements of ‘the powerful prevail, the weak fail’ when it comes to the Digital Age, in reality, we should be thinking in terms of “Intelligent Design” – not Evolution. Now, I don’t want to get into the debate between Evolution and Intelligent Design. But what I mean is that “Intelligent Design” implies a process where something is built for a purpose with a long term strategy interwoven into the effort.
When you look at today’s security strategies, we must take a step back and look at this bigger picture. Is your organization’s security strategy driven by Evolution or Intelligent Design? Evolution is a constant war against what works and what doesn’t. Something is built and if it works it survives; if it doesn’t, it goes the way of the Dodo bird. Unfortunately, many of our security implementations seem to follow this thinking. While this approach may seem like progress, much of it is build up, tear down, build up, tear down, repeat as necessary. Intelligent Design, as I envision it, represents a non-traditional way of looking at security. It isn’t rooted in the traditional terms and frameworks of security – military type defenses and walls constructed to statically deny the adversary. Intelligent (Security) Design means the long term purpose and goals are woven into each step of the journey. Each step builds on the last with purpose and meaning.
Several months ago, I wrote a blog that posed the concept that the “digital world” represents a Fifth Dimension in our universe. It is a truly unique dimension since we created it. The future of that world is controlled completely by us. We create the technology, we deploy the servers, we write the code. So which path should we chose: Evolution or Intelligent Design. Do we want the brute force and, in many circumstances, the harsh world of Darwinism? Or do we want this dimension – OUR dimension – to follow the Intelligent Design? Isn’t that what we should be striving for? Not who is the biggest and strongest but what is the end goal, what is the purpose and where does this digital world lead us.
Art’s articulation of the erosion of trust and the potential damage to the digital dimension we have built underscores the absolute critical role security plays. Consider where technology can take us and then consider the impacts of a complete breakdown of the technology advancements all due to a crumbling level of trust. We see evidence of this fragmentation today and it is foreshadowing of a reversal of progress for the human race. Do we want the ability to share information, create relationships across borders, raise injustice, educate our children and build a truly global network to live? We, as the security industry, cannot leave it to the ‘survival of the fittest’ because those that need these capabilities are not always the powerful. It would be shameful for us to allow the future of a universe we created and control to be decided by the cruel hand of natural selection. Trust in the digital age must be restored by Intelligent Design – not Evolution – both within your organization and the industry as a whole.