A New Hope

by Hank Berkley
Contributing Editor

Cyber security does not come cheap and is not great. But that may be changing.

Today security is primarily outside of regular business processes. It sits on top of and often interferes with business. Moving security from an external function to an integrated process potentially reduces the costs and improves the product, but we aren’t there yet. Information security is in a separate world in which people speak in acronyms and most of what is done is obscured from all but the most technology savvy people. But there is hope.

Most people working in IT today have never known a world without cyber security, but the field is really less than 30 years old. And only with the advent of the broadly used internet, less than 15 years ago, did security become a “real thing”. Using some similarities to what happened to the auto industry in the United States we can anticipate where cyber is going.

In the 1890’s everyone who had a mechanical inclination started to build horseless carriages. Each was handcrafted including custom built engines and parts made by local woodworkers and metal workers. There was a lot of experimentation taking place.

Each manufactuer tried to pick out a niche to fill. Not only were vehicles expensive to purchase, but it was customary to have a staff to maintain each one. Besides employing a driver, owners had their own mechanics who were skilled in maintaining the specific automobile. As parts were hand-made (and not too reliable), money was spent to maintain an inventory. Automobiles were not for the masses.

Over a few decades companies sprung up to make parts for the automobile industry which lowered costs, improved quality and increased accessibility. Then mergers and bankruptcies reduced hundreds of manufacturers to just a few. Those who chose the wrong vendor were stranded. If you drove a Luverne rather than an equivalent Cadillac, no more parts or service were available. 

Skip ahead to today and we have a couple of dozen car makers around the world that produce transportation solutions for almost all situations. They often share parts suppliers and produce many models using common components. They do it as a reasonable cost and deliver great reliability.

Cyber security is in its infancy, but like the auto industry did, it is evolving. There are thousands of companies around the globe who are innovating and coming up with great solutions to specific needs. Some focus on single industries while others apply their knowledge to solving specific technology issues. Creative individuals are developing new ways to address security problems and those solutions are being leap-frogged by better solutions constantly. In the meantime, we are forced to select mostly limited products from companies who will be out of business or gobbled-up in the not-so-distant future.

The components that we have require an expensive staff with expertise to keep them running and they rarely interface with other software from other companies. In fact, they often don’t interface with other products from the same vendor.

The good news is that as cyber security broadens and as software and hardware vendors put more emphasis into building more secure products, the cost and complexity of security will shrink and the functionality will improve. We are moving to a phase of technology in which the cyber security function will become an integrated, operational process which, in turn, will lower the overall costs and enhance the quality.

It took the auto industry about 60 years before consolidation and standardization started to reap benefits for the consumers. At the speed that today’s world is moving, improvements in cyber security technology will surely come much faster, but not overnight.

Of course, there will be winners and losers. Products that you invest in today may be gone in five years. Staff who you hire today may find their specialized skills are not needed in ten years. Remember where we are in the industry cycle and proceed with caution when selecting products and security vendors, knowing that the relationship may not last as long as anticipated. It’s a challenging time in cyber security, but there Is promise for the future. A future that may be here soon.