When Rick asked me to write a blog for his platform, I was adamant I could write it about all the new and exciting technology emerging in the security field. We have AI coming up, Cloud Computing is already here and there is even behavior analysis coming into play in this exciting field of work. It would be impossible not to blog about it, right? I sat on the idea for a week, even two maybe and still had no blog. Rick was bugging me over-and-over and I couldn’t figure out why I couldn’t hammer out two pages about the upcoming technology in the security business. Than it hit me: It had to do with my other love in (work) life! Cloud Computing, or more specifically: Public Cloud Computing.
Think about it for a while: What are we really trying to secure here? We use VPN’s for private access to a Remote Desktop Server (for remote workers), so they can run some application we installed on that Remote Desktop Server to access data on some other server in a network. We use Private Cloud, Hybrid Cloud and find reasons or regulations why we can’t possibly go to the public cloud or even use traditional systems. However, my prediction is simple: Those are all going to disappear. Within five or ten years, all those semi-cloud solutions and reasons not to use a public cloud will be gone.
Securing the (public) cloud
So where does that leave my security blog? Well, for the public cloud to be safe and successful, there must be security in the public cloud. The difference is who delivers it. Right now, that task falls on the clients. The public cloud provider only secures the platform and access to the platform and the client is responsible for securing whatever is running on the public cloud. This makes for half-and-half solutions. As a client, you want to use AI and behavior analysis to secure the public cloud but can’t get the entire picture because you have no access to the lower levels of the system. The public cloud provider can not do it either, because they will not and cannot access the higher functions of the public cloud without your explicit consent.
The coming of age of AI
I predict that soon this AI will be available to clients. Access all the way down to the lower levels of the public cloud through an API where you connect the upper level AI you control. Instead of protecting the connections, applications and servers, you will protect the only thing that matters: data access. With that, you can use the public cloud in the way it was meant to. Provide services to your users, clients, customers, even the public. Let them decide themselves how they access and consume the information, through what interface or application, or through their own AI.
We already see this shift a little bit in the field. Products that harness AI to notice suspect behavior and generate alerts. Not necessarily because it is disallowed, but because it is strange that this particular user at this particular time from this particular location is doing what he or she is doing. As for the security field I work in myself: Our work isn’t done. There is still programmer error, users with terrible passwords and of course an AI to train and pester with strange requests to illicit a response. Would an AI stop monitoring if I told it to? And what if I told it to explicitly monitor its own log files for changes and mark those in its log files?
Where will it end?
The development of AI will continue up to a point where you as a person have a personal assistant that will fetch the information you need. How will it do that? By asking the AI of the data source if you have access. There is no real interaction between the person and the systems anymore, you are not bound to one organization or one data source, your personal assistant will simply find and serve data you need right now, like this awesome blog in your lunch break for some light reading while you munch down on your sandwich.
Biography: Sebastiaan van der Meer has been heavily involved with Microsoft Azure, virtualization and security through out his professional life. Currently he works for Securesult, a company specialized in helping clients become more aware and secure in an ever changing IT landscape. He has held roles as CISO, business developer and trainer for several organisations and speaker at several events regarding cloud and security. Did you enjoy this story do you want to know more about Sebastiaan and do you want to get in touch with him? Connect with him on his LinkedIn page.