There has been interesting discussion lately as momentum gathers for the third platform, comprising the coming together of four elements: mobile computing, cloud services, social networking, and big data analytics. This follows from the first platform of mainframes and terminals in the 1970s and early 80s, and the second platform of PCs and client/server structure. I well remember the transition from first to second platform around 1986 when those of us promoting the merits of PC computing debated hotly with mainframe people stuck in their comfort zone convinced the world would remain on first platform. I suspect that the IT world more readily accepts change these days and the transition onto the third platform will be less painful.
There will be exciting new security challenges emerging as the IT world now moves onto the third platform.
Each of the four elements of the third platform – mobile, cloud, social, big data – already exists individually with known security issues. To mention only a few for example, mobile computing already has the challenges of malware and phishing, BYOD and BYOA (Bring your Own Application). Cloud computing already has the challenge of access and identity, hacking and virtual appliances. Social networking has the challenges of privacy and identity theft. Big data brings the challenges of hacking, ransomware and catastrophic intrusions leading to mass identity theft.
As the third platform gathers momentum, the interplay between the four elements will bring additional security challenges to the fore – for example, mobile/cloud developments, social/big data developments, etc. – new security challenges will emerge as the elements realign in new ways. The interplay of mobile and social for example, has brought about apps which show the GPS location of friends. The possibilities presented by the third platform are almost endless.
It is impossible to imagine exactly how the interaction between the four elements will play out, but from our standpoint now, some issues can already be foreseen. For example, the integration of social networking and the cloud will result in social network credentials being used as an element in identity and access management. We are already seeing this trend emerging on the internet, as Twitter and Facebook credentials are used for identification on other platforms. If used as an access and identity element on sites that require high security, this could introduce significant security challenges as the same social credentials are exposed in less secure environments.
The third platform will introduce increased consumer-to-consumer communication as the concept of social graph develops. For example, from the interaction of big data analytics and social networks, through a process of social filtering, the consumer could get recommendations for products and services from their social graph of friends and colleagues. This could be a more trusted recommendation than those from strangers currently available.
The increasing infiltration of mobile devices in the enterprise will lead organisations to re-think their security methods. This will have implications for inter alia patch policies, authentication, access. BYOD and BYOA will make it more and more pointless for the enterprise to control their environment by locking down and a focus on perimeter protection.
There is a merging of mobile and cloud, where a personal cloud could replace the PC. SaaS for the PC or mobile device will be commonplace. As the cloud service is delivered across devices, this development shifts focus away from the client device as it becomes more irrelevant, and onto the cloud service. Security issues will focus on the cloud service rather than the device.
Security challenges from exponentially increasing interconnectedness
There is no doubt that the IT landscape is undergoing fundamental changes. The third platform will be a far more interconnected world – people, data and applications will be far more interconnected through the four elements of mobile, cloud, social and big data. Security challenges will be at the forefront of these changes – exciting times are ahead. Those entrusted with security responsibilities are going to be challenged like never before. And security innovation will be rewarded enormously for those with courage and foresight, through the opportunities that are emerging.