AI/ML is underhyped: More encryption won't solve our biggest security problems
Encryption is a good thing; a very good thing. So good that networks now have options for optical, Ethernet, IP, HTTP/TLS, and application-layer encryption, with quantum key systems also going through an innovation cycle. To say there are a few encryption options would be an understatement. Each of these options is targeted at a different buying center, so each will find buyers without any coordination with the others.
Regardless of how much encryption is put on getting bits from A to B, the biggest vulnerabilities are elsewhere.
As the recently exposed Russia Hack demonstrates, backdoors in any software can be a Trojan horse for all manner of mischief.
There was a time when security was perimeter-based. Then the industry realized that employees bringing their own devices inside the perimeter, or using corporate devices outside it, were bringing many exposures and vulnerabilities with them. Perimeter-less security became the solution thrust, which brings us to where we are today in the march towards zero trust, where every device is a priori a suspect in a future crime.
Now we have to face a world where not only devices are not to be trusted, but neither is software installed by IT professionals.
One approach is to try to secure the supply chain. Those investments are going to happen, and they will yield improvements in supply chain security. How much the software supply chain can be assured is not clear. Furthermore, we do not even have a null-safe Internet yet, let alone a backdoor-free one. Not to mention the holes that three-letter-acronym government agencies are often accused of wanting to leave in software and encryption.
AI/ML will play a role in this drama. I know it is heralded as the answer to everything: hunger, world peace, and more. However, IT managers must get more inspection, analysis, and intelligence into what is flying around their networks, to and from applications, etc. This is a job ML was born for.
Time to radically rethink security. AI/ML is underhyped.