The way IT management and users view computer security may soon change drastically, according to industry expert Chris Christiansen.
Over the next few years, said Christiansen, vice president of Internet infrastructure and security software at International Data Corp., security will go beyond the basic task of keeping out viruses and hackers. New security services and devices will help foster trust in emerging e-business networks, and may even someday serve to attract customers with convenience, Christiansen said at the recent IDC Directions 2001 conference in Boston.
Companies still react to the "negative" aspects of security; they secure their systems because of fear and government regulation, Christiansen said. However, companies have begun to approach security more proactively. Some are discovering that there are more beneficial, economic reasons to have good security.
"The new model is about opening [your system to the outside world]," Christiansen said. The success of the Web is a major driver. Christiansen likened the new security model to that of an airport, which is open to the public, but restricts access at key points.
"You want as much traffic to go through as possible, with highly individualized security stops," Christiansen said. The public understands that there is a certain level of security at the airport check-in and the loading gate, he continued. They also accept the fact that authentication procedures may be very rigid in crew rooms and baggage rooms, and on the airport tarmac.
A coming generation of smart cards and security software services could bring security into the mainstream, making a necessity that users usually consider burdensome into a convenience, said Christiansen.
"The challenge is taking security from being an onerous task to a higher level of customer satisfaction," he said. He pointed to the American Express Co. Blue charge card, which includes an embedded chip that better secures online transactions, as a harbinger of things to come.
The Blue card addresses concerns about card security and online fraud protection, and also targets fashion-conscious young consumers.
The growing importance of security cards and other services that use PKI (public key infrastructure) should not be understated. Christiansen said IDC predicts that the PKI market will grow from US$506 million in 2000 to $3.01 billion in 2004.
In addition to boosting convenience and customer loyalty, transactional security saves companies money when the process is moved from manual to Web-based, Christiansen said. In the future, people may use smart cards to get tickets and book hotel rooms when on vacation, instead of waiting in lines and speaking with customer service representatives. Each time a transaction occurred, you could see the loyalty points accumulating on your smart card. Moreover, a medical doctor's security card could easily double as a payment device, and as an access mechanism that allowed the doctor to update patient records from home using a virtual private network with a firewall. IT may increasingly outsource security managers to service providers. These providers, in turn, will work to provide infrastructure to support useful transactional services.
Much remains to be done in order to make this future a reality. The biggest challenge for IT managers, Christiansen said, is still managing the security environment.
Includes reporting by Jack Vaughan, senior editor at ITworld.com