This paper originally started with a blog post called Inflection that looked at a series of developing security trends and attempted to predict their eventual outcome. I researched for nearly 18 months; this paper compiles my thoughts on where the security industry is headed, why, and how it affects us now. From the introduction:

Disruption defines the business of information security. New technologies change how businesses work and what risks people take. Attackers shift their strategies. But the better we security professionals predict and prepare for these disruptions, the more effective we can be.

As analysts, we at Securosis focus most of our research on the here and now – on how best to tackle the security challenges faced by CISOs and security professionals when they show up to work in the morning. Occasionally, as part of this research, we note trends with the potential to dramatically affect the security industry and our profession.

This paper starts with a description of the disruptive forces at work in our industry, but its real objective is to lay out their long-term implications for the practice of security – and how we expect security to evolve for security professionals, security vendors, and cloud and other infrastructure providers. Through the report we will back up our analysis with real – world examples that show this transformation isn’t a vague possibility in a distant future, but is already well under way.

Although these changes are inevitable, they are far from evenly distributed. As you will see, this provides plenty of time and incentive for professionals and organizations to prepare.

We would like to thank Box for licensing this content, enabling us to dedicate the resources to the research and release it for free.

The Future of Security (Full Report, PDF)
Executive Overview (PDF)


Future-of-Security_Exec_Overview.pdf [550KB]