The face of online security will change drastically, Jim Bidzos, founder and chairman of trusted certificates vendor VeriSign, said in a keynote speech on Wednesday at the RSA Security Conference in San Francisco.
“In the ’70s in enterprises, there were mainly mainframes. The Internet, due to good work by Al Gore, who will be speaking later, was then just beginning,” he said. When local area networks came along in the ’80s, tokens were introduced and “they were good enough for this kind of access,” Bidzos said.
Over time, as the Internet developed, however, the face of security changed, with public key encryption, intrusion detection and firewall technology being developed. Again, those were good enough for the times. “It’s like your credit cards; despite the amount of credit card fraud occurring, the security is good enough to keep losses through fraud to an acceptable level,” he said.
The Winds of Change
That isn’t going to be the case any more.
“Wireless is proliferating; in Japan, I saw a demo from a bank that showed how a small business using only a cell phone could do all its banking over an infrastructure the bank provided,” Bidzos said.
Now, security measures include authentication certificates for users and devices, extensions and public key infrastructure (PKI), and, “if you talk to people at the expo, they have solutions for every problem,” Bidzos said.
Keeping up with the rapid changes in technology will be a challenge, however. “What’s good enough today isn’t going to be good enough in the future,” Bidzos said. “We’re still trying to fix things with Band-Aids and some of the consequences aren’t pleasant.” Those consequences include operating systems bloat and constant operating system and application patches, Bidzos added.
Patterns of ID Theft
The majority of ID theft today is committed with data not collected online, through “dumpster diving and stuff like that,” Bidzos said. A lot of it also occurs when laptops holding thousands of user or customer data records are stolen. That will change: Once people are able to collect enough data online, they will “commit theft on a scale we have not seen yet,” he said.
Generation V consists of kids today, who are always connected. “Anyone who has somebody in the house of high school age or younger knows what I’m talking about,” Bidzos said. “They have grown up with computers in the house, and are always online.” Where the older generation mainly uses the Internet for e-mail or shopping, Generation V gets on the Internet for a wider range of things such as social networking and other uses.
The hallmarks of Generation V: The number of such users is increasing rapidly; the type of access they employ is ever-widening; and Internet access is growing by orders of magnitude. And computers won’t be the only things through which they access the Internet. “There are five babies being born and 25 cell phones sold worldwide every second,” Bidzos said.
“The challenges will be very different, identity being very important,” Bidzos said.
The New Challenges
Credentials and identities will mean new things in the future, Bidzos said.
These problems were solved before in the enterprise, which had centralized IDs that were handed out to users. Would this approach work for the Internet? No, because enterprises may have thousands of users, while the Internet has millions; the enterprise has control because everything is centralized.
With the Internet, “things are upside down,” said Bidzos. The solution needs to be opt-in, and users need to be enticed to accept it, unlike in the enterprise where they have to accept solutions willy-nilly.
So, Internet solutions must be consumer-friendly, infinitely scalable and low cost. But they use decentralized Web services and are administered by uncoordinated entities. “Complex, cumbersome security solutions won’t fly,” he said.
Keys to a New Solution
Consumers must trust the process; they must be in control; the solution must be based on open standards; the network must have 99.9 percent reliability; and there needs to be an intelligent infrastructure that makes user interaction easy.
A solution from the government will be unacceptable. “In the ’90s, there was a proposal that the government would be a trusted third party, but everybody felt a public company with a lot to lose would be a better solution,” Bidzos said.
Finally, open standards will be crucial because “a lot of problems tend to go away if you have an open solution based on standards,” Bidzos said.