Transforming the Information Security Paradigm


Information security has remained relatively unchanged for the past thousand years. Science has improved on the techniques, but the underlying principles remain basically the same. The approach can be best described as a combination of the fortress and secrecy.

The thought is to build things stronger and keep any special knowledge from attackers.

This perspective has evolved into terms like trust, passwords, vaults, firewalls and perimeters. One thing all these concepts and practices have in common is that they are largely static.

The result is the development of "strong" walls and "complex" passwords. Only recently has the need for changing passwords – perhaps every 30 days – come into common practice. But this change is limited by the ability of human memory to manage passwords.

This entire paradigm has become more complicated (and hence more vulnerable) by the incorporation of anthropomorphic concepts in digital operations.

It’s time for a fundamental change that will remove all vestiges of anthropomorphic design and function from digital operations. This will result in cybersecurity operating not at the speed of human thought, but at digital clock speed, yielding significant transformations in security.

Vulnerabilities that plague systems today will become fossils of the past:

  • Lost and compromised passwords will be gone.
  • Stolen credentials that enable hackers to log in to the target’s system will no longer exist.
  • Personal identifying information will no longer be used in digital operations.
  • Operational information in the SECDEVOPS environment will all be transitory, ephemeral and exist for only fractions of a second.

This is the QWERX vision of security – not in the future, but deliverable today.
