Not long ago, I was invited to meet with some of the brightest individuals representing various military branches to discuss my views on potential security technology looking forward to 2020. These individuals, who work for a Department of the Navy organization called the Strategic Studies Group, came armed with a few articles that I authored and wanted to hear more. I was quite honored to provide my views and insight.
We started with a fascinating conversation about the ability to eliminate passwords, something that I know everyone would like to see happen. They’re looking at whether moving to something like biometrics could help them manage personnel access to data and physical locations. This represents quite a challenge, since today biometrics are considered an added layer of security to the traditional two-factor system based on user name and password. Of course, we also talked about legacy migration and the cultural implications of this type of transition.
This conversation led to a tangential discussion of what identity technologies might exist beyond smart cards, which military personnel now carry everywhere they go. The idea of some kind of identifying technology that could be physically connected to the user’s body could offer some interesting gains. Mark Cohn, Chief Technology Officer of Unisys Federal Systems, and I have spoken about this in the past, so the idea wasn’t new and I had some of Mark’s insights to draw upon.
A future chip could have a variety of capabilities, such as the ability to monitor the health of the individual and to connect through multiple communication vectors. It could hold information such as the individual’s medical records and biometrics data. This technology would need to be designed to work on or within the human body and provide enough security to protect the information on the chip from intrusion by the enemy.
We also covered zero trust models, which I’ve talked about in previous blog posts. That conversation took an interesting twist. I explained the data protection maturity models and how many institutions place the same value on all of their data and therefore provide the same levels of protection to all of it.
The zero trust model resonated with them. They recognized that government organizations apply high levels of assurance to protect their most critical data, forcing the rest of the organization to adopt the same high-assurance security controls even though most of the data processed is not as critical.
Why not move systems with critical data into a protected area with all the security controls necessary to manage them, and leave the other systems with fewer controls? It’s not an easy concept to grasp for the majority of the security professionals I know. But the amount of money that can be saved by adopting this framework might provide an unexpectedly rapid ROI.
After more than two hours of talking and my brain hurting, we agreed to stay in touch. I invite comments from anyone with insight into security technology to protect our military in 2020.