In his article, Daniel Miessler reflects on the future of information security in 2050. One important insight is the advancing standardization – this will certainly also help to counter the lack of personnel and to be able to automate more. The fact that information security as part of IT continues to develop into an engineering science is at least a trend that has been described and demanded for years, even if the individual steps happen very slowly. On the one hand, this is certainly true for large and professional services in the enterprise environment, but increased complexity and the need to take things into one’s own hands will, in my view, retain a significant share and delay the process of standardization. I also believe that dependencies and a level of complexity that can only be mastered by a few will not disappear so quickly.
That security will be a part of the technologies is something that has been demanded for years. The fact that this has been driven primarily by containers and cloud as quasi-standards is to be welcomed and will certainly remain a trend and probably continue in new megatrends. Nevertheless, I expect that there will continue to be critical dependencies on products/packages that are not security-by-design and security-by-default.
However, especially in the topic area of Automation and AI, it is becoming clear that not only will information security evolve on one side, but so will attacks on the other. Attackers also benefit from standardization, automation, AI and other new technologies (are attackers also struggling with demographic change?). But the really good attacks of recent years have always involved thinking around corners, and here it remains exciting to see whether AI will be ahead more often in the cat-and-mouse game on the attacker side or on the defender side (bets are welcome).
Furthermore, Daniel Miessler goes into the areas of Regulation, Insurance, Career and finally summarizes everything in an illustrative case study.
All in all, I am a bit skeptical, as the current tendencies towards extensive shadow IT will probably only end abruptly if significant IT security incidents lead to more stringency and consistency. Even the severe security incidents so far do not seem to be enough to achieve this. I still observe a trend towards more diverse solutions instead of fewer and more secure solutions (the theory of whether the amount of security is constant across all software would be an interesting further subject). So it remains exciting.
Since predictions are always hardest when they concern the future, this post will certainly still be worth reading in a few years.