Security in 2020: the bad guy is you

It’s always tempting at the end of a given decade to take a guess (educated or otherwise) at what things will be like at the end of the next decade.

Two things we’re likely to have in 2020 are the fabled cloud and the “Internet of Things” – the one where most content is hosted and the majority of devices connected to the Internet (via fixed or wireless access) will be machines communicating with other machines. Which raises a relevant and very important question: what does that mean for network security?

It means a radical shift in thinking, according to BT Counterpane chief and all-around security expert Bruce Schneier, who has posted his introduction to a new book, Security 2020 by Doug Howard and Kevin Prince, on his blog.

It’s well worth reading because any good security plan starts with understanding what you’re securing and who or what you want to secure it against. Up to now, IT security has been all about protecting the user from bad guys (hackers, criminals, etc). In 2020, writes Schneier, the object of IT security will be to protect businesses and their business models from users.

Breaking it down to its simplest terms, IT tech is currently shaped by two main conceptual trends: consumerization (in which consumers want to use their own gadgets at work – i.e. employees using iPhones to access the corporate LAN, which means IT managers are losing control of what devices access the network) and decentralization (i.e. the cloud, which means users will lose control over their data, as opposed to storing it all locally).

Over the next ten years, says Schneier, we’ll see three new trends: deconcentration (the replacement of general-purpose computers with special-purpose devices and apps), decustomerization of hardware and software (in which, say, users cease to be Facebook’s customers and become its product to sell to Facebook’s real customers: advertisers) and depersonization (i.e. M2M, software agents that prioritize and push content based on your past behavior, etc).

In short, says Schneier, IT in 2020 is “not under your control, it’s doing things without your knowledge and consent, and it’s not necessarily acting in your best interests. And this is how things will be when they’re working as they’re intended to work; I haven't even started talking about the bad guys yet.”

And the security implications are enormous because security becomes a matter of preventing users from bypassing, hacking or generally monkeying around with the rules that define these new paradigms and relationships. Which means, for example, preventing users from running unauthorized apps on jailbroken devices, or bypassing ads, or whatever.

In other words, “IT security in 2020 will be less about protecting you from traditional bad guys, and more about protecting corporate business models from you.”

Read the whole thing. Seriously.

Expanding on that idea, it will be even more interesting to see how these changes impact the telecoms services industry in general, and the mobile sector in particular.

Each of these upcoming trends is already taking root in the mobile sector, from people connecting smartphones to the corporate LAN out of convenience to the rise of apps, widgets, social networking, advertising as a monetization opportunity, and of course M2M.

It’s not hard to extrapolate that to a vision of 2020 in which ARPUs are history and mobile users have become products for mobile operators to deliver to their B2B customers.