David Lacey has posted that he feels that the future of security lies in academia. I don’t agree entirely.

The reason being that I have been excited by the work done by HP Labs for example, particularly in the scope of trusted computing and the TPM module. Then Intel that have since 3-4 years been shipping chips with built-in security. I call it security bottom-up. From the top-down is products such as HP’s Arcsight, that can not only log everything that moves or not, but also correlate in a way so as to present otherwise unmeaningful data in a meaningful way via a compliance dashboard. This type of security is particularly interesting for military and any organization wanting to track (big or little brother) in an intelligent way everything happening within the boundaries of their world. Clearly this is against everything I believe in as a privacy advocate, but that is another post 😉

However I do understand where David is coming from. We are realizing that “ticking boxes” is not an effective way of proving you are secure, it doesn’t even prove you are compliant. All it does is shows you are following one or more processes that demonstrates “you have tried your best” nothing more. This is not the way forward.

The way forward is proving you are secure and this is only achievable by building security into the heart of everything digital, by doing this even the human-aspect of information security maybe obsolete in the future, especially as biometric form of authentication become more accepted, and contextual authentication key to achieving the vision of BYOD or what I prefer to call “any device anywhere” that is driving the type of security being implemented by some verticals such as telecommunications and healthcare today.

All of this is achievable today. Intel have as daughter companies McAfee and Nordic Edge. Both are, with the help of Intel building security at the “chip level” for their products. Go and take a look. Also check some posts I made in December, lots there on the cool security stuff going on in industry.