Sunday, April 22, 2018

The Dark World

There have been three eras of computing, platforms that have dominated the landscape and enabled the next wave of technology expansion. The mainframe era, saddled by high cost, limited reach and a character-based mentality, gave way to personal computers and, eventually, their phenomenal growth. The PC era was capped by the complexity and cost of its inherently distributed nature, and gave way to the Internet era, fueled by massive increases in bandwidth, web standards and mobile devices. But even twenty years ago it was apparent to me that security would be the Internet era’s Achilles’ heel, and the emergence of real risks to critical infrastructure, the establishment of government cyber-warfare programs and the criminal, business-like nature of the dark web show that the Internet era needs to tail off and give way, slowly but eventually, to a fourth era of computing, which I’ll call “The Dark World”.

Metaphorically, the Internet era started as a large white canvas, open and inviting. On that canvas emerged black spots, hiding small pieces, implemented by devices like firewalls and intrusion prevention devices. More dark spots emerged with the spread of encryption, now protecting more than half of the data transported across the Internet. Real progress is being made, but the white canvas is growing faster than the dark spots can overtake it, and the solution, the fourth wave of computing, will begin as a dark canvas, with white spots appearing where needed. A black canvas can grow exponentially without exposing additional security risk. I don’t believe that today’s black spots will ever grow fast enough or big enough to be a true fix, just needed band-aids along the way.

The Dark World will be a fully encrypted platform, an integrated stack of hardware and software where locked down is the default and plain text is not an option. It will incorporate today’s common solutions, such as disk encryption and Transport Layer Security, but will introduce recent and cutting-edge advancements such as post-quantum encryption, encrypted memory and fully homomorphic encryption, allowing services to be built without ever decrypting the data. Given the immense overhead of such a platform, in terms of 2018 dollars, this platform will naturally start on the highest-value assets, perhaps your firewalls, externally-facing web servers, services that must be HIPAA, PCI or GDPR compliant or your critical infrastructure. This fourth era of computing, like its predecessors, will start small and pose little obvious threat to today’s predominant technology vendors. But interest, investment and innovation will rapidly advance the capabilities and cost-effectiveness of this new era, and at some point, and probably not too far off, the fourth era of computing will be the default and we will be left to support the Internet era, just like we still do for PCs and mainframes, as legacy systems.

The biggest challenge of The Dark World may be the mental mindshift of risk. No longer will we be worried about the leaking of our assets, money, intellectual property or state secrets, to the criminal element or another government. The real risk will be the loss of these assets to ourselves, and certainly our governments will panic when they lose that access as well. Our technical staffs will be “flying blind”, yet expected to maintain high service levels. But managing these risks, finding the appropriate “side doors” to satisfy both elected officials and corporate governance, will come front and center as the discussion moves from “what to protect” to “what not to lose”.

The purpose of a strategy is not to get the details right, but to get people looking. We are all bombarded by millions of pieces of information a day and, out of necessity, ignore them. The message here is to start noticing advancements in encryption and look for a platform to emerge. If all the details above are wrong, but we end up with that metaphorical black canvas, we’ll usher in the next explosion of technology growth.

