New Series (and Paper): The Future of Information Security

By Rich

Update: Here are links to the series as we post it:

Back in 2012 I wrote a post titled Inflection. It was a collection of ideas and trends I have been watching, with the implications for the practice of security.

This year I submitted it to the RSA Conference and it was accepted. I will be giving an updated presentation based on that post Tuesday afternoon.

I thought that would be the end of it, because this isn’t the sort of research someone is usually interested in licensing and so it stays on the blog. But I was contacted by the folks at Box who were looking for something different that focuses more on where the industry is headed than our usual papers on helping you manage a current security issue. As an analyst I believe the majority of my published research should focus on day-to-day management of security, but it is also important to push the edges a bit and spend time thinking about the bigger picture.

I am particularly excited about this paper because it isn’t being licensed by a traditional security vendor. The call from Box came out of left field, and shows that cloud and content providers are seeing security as a competitive differentiator. That isn’t an endorsement – no one can ever pay us to say nice things about them, but I can honestly say we are doing more work this year outside the traditional security market than I have ever seen before.

To wet your whistle as I start writing the content, here’s a graphic of the outline. I will also be putting the content up on GitHub as I write and edit it for public feedback and review. I’m finding I like that better than the blog for the people who want to provide feedback, but this feed is better for getting the draft content out to a wide audience. We’ll take feedback on either side.

Oh, and I could really use some help with a better title! This one feels a little pretentious to me, but I am struggling for something better and “Inflection” doesn’t translate well to a paper.

Thanks, and here’s the outline:

Inflection map


Why have you left off social as a force causing disruption in the security world?  I think the need to engage with and share content with an ever growing and shrinking mass of mostly anonymous netizens surely must have some impact on how we are going to protect things, let alone the chances that social networks will be used to add identity context and contribute to other security primitives.

By ds

Ron, also like yours… other than the all caps NOW :) I’m too introverted to shout on the Internet and all ...

By Rich

Russ- I *love* that title personally, although not sure it is mass marketable enough! I’ll definitely start floating it around. You also really captured how I want to present the material and make the case…

By Rich

Ron, cyber security is two words—just like cyber insurance. There is no hyphen.

By Andre Gironda

Here’s a title idea: “A Disruptive Collision, The Cybersecurity Future is NOW.” This is taken directly from your outline.

This is a fascinating topic on cybersecurity trends, although I keep thinking “Groundhog Day.”  Haven’t we been here before?

By Ron Woerner

Title suggestion: “Creative Destruction in the Information Security Ecosystem”.  The term “creative destruction” originates with Schumpeter.  Though his general description of entrepreneurial upheaval doesn’t exactly match your analysis, it’s close enough.  The advantage of this title and the association with Schumpeter is that it will emphasize that this huge disruption is NOT solely due to technical changes and improvements in InfoSec technologies.  Instead, it’s driven by business forces, economic forces, and technical forces in the greater ecosystem.


By Russell Thomas
