We recently hosted our inaugural Debate{X} at Two Sigma Ventures, where we invited 5 of our Two Sigma colleagues for a Churchill Club style debate on what the most impactful & non-obvious trends are that will shape the security industry over a 5 year timeframe. Frances Schwiep & Mickey Graham from our team co-MC’ed a night of lively debate between Two Sigma employees across engineering management, security infrastructure, platform reliability engineering, security architecture, and security engineering teams.
Each panelist presented their thesis one at a time. The rest of the speakers then had the chance to agree or disagree, offering their rebuttals or support. At the end, we had an audience vote on the most compelling thesis presented. Here were the five theses our security experts offered up for debate:
1. Passwords Will Be Gone — Christos Zoulas, Engineering Management
The traditional means of authentication will gradually disappear given how easily they can be subverted and how the power of what a user can do from his online accounts increases. They will be replaced by multifactor authenticators that combine biometrics (something you are) with hardware tokens (something you have) and will work seamlessly.
2. Your Data Will (Again) Be Yours: Decentralization of Personal Information — Ethan Christ, Security Infrastructure
You will regain control of your personal data and with whom it is shared. Shifts in privacy concerns, regulation, and the developer ecosystem are fostering the creation of backend platforms that will decouple data from apps and diminish the monopolistic control companies like Facebook have over your personal information.
3. Back to the Future: Data-Centric Security — Tad Taylor, Security Architecture
In the past, approaches to computer security focused on protecting data (Mandatory Access Control a lá Bell & LaPadula, Information Flow Models) but with the increasing fluidity of data in the coming years (Cloud, loss of the perimeter, mobile), data-centric security will become paramount. Data will have to be self-protecting and self-describing. It will be possible to set conditions on a data object to limit where and how it can be accessed. For example, a subject may have read access rights to a piece of data, but the conditions for access may depend on the strength of the user’s authentication and attestation of the user’s environment.
4. If You Want to Keep a Secret, Don’t Tell Anyone — Thor Simon, Security Engineering
An increasing pace of high-consequence data breaches, coupled with increased awareness of the susceptibility of online data to hacking, will become a serious drag on consumer adoption of new products and services. A surprising number of consumers may even attempt — unsuccessfully — to withdraw their most sensitive personal information from electronic storage entirely, reverting to paper records and in-person transactions. Such efforts will fail, but this in turn may lead to a reduction in brand loyalty, and paradoxical behavior such as customer flight to smaller players with privacy and security practices that are even less well understood.
5. IoT Devices as a Service —Matthew Selsky, Platform Reliability Engineering
Connected devices (e.g. mobile phones, smart devices, autonomous cars, and IoT sensors) will move from a one-time purchase to a leasing/pay-as-you-go model in the next 5 years. The reason is twofold: consumers will increasingly have difficulty properly securing devices through the lifecycle of ownership and updates, and in the future vulnerabilities may be discovered after a device’s release that are unable to be secured with firmware or software patches (thus rendering them useless).
It was a close count in overall votes (with a lot of back & forth and changing leads), but in the end the audience was most convinced by the thesis that “Passwords Will Be Gone.” We’re going to be hosting a second Debate{X} on AI/ML trends later in March, so make sure to sign up our newsletter if you’re interested in receiving future invites. Additionally, we’d love to hear from you if you have any topics you’d like to see discussed, or if you have any panelists you want to see go head to head for the next Debate{X} crown.
