IT-Security. Perspective, History, Present and Future

Transcription

1 IT-Security Perspective, History, Present and Future Prof. Dr. Norbert Pohlmann Chairman of the Board TeleTrusT Germany Association

2 Content TeleTrusT Germany IT Security and Trustworthiness from 1989 till now The Situation today: A Critical Assessment A Look into the Future: What are the challenges? Summary 2

3 Content TeleTrusT Germany IT Security and Trustworthiness from 1989 till now The Situation today: A Critical Assessment A Look into the Future: What are the challenges? Summary 3

4 TeleTrusT Deutschland e.v. Situation Founded in 1989 Members 100+ Government institutions (Federal German security agency, Federal police organization, ) User Organizations (Banks, DATEV (Tax consulting service provider), SAP, Siemens, ) Security Companies (Secunet, Rohde & Schwarz, PGP, SCM, Sirrix, nexus, ) Research Institutes / University (different Fraunhofer Institutes, UNI Podsdam, Institute for Internet-Security - if(is), ) IT Security consultants (Secorvo, TüvIT, INFORA, ) Partner (ECO, VOI, GDD, LSEC Association, ) 4

5 TeleTrusT Germany What is the TeleTrusT Association? Mission Together for more Security and Trustworthiness in our connected Information and Knowledge Society What is special about the TeleTrusT Association? Competent network Interdisciplinary International Projects European Bridge CA T.I.S.P. (TeleTrusT Information Security Professional) ISSE (Information Security Solutions Europe) RSA Conference Network Electronic Commerce 5

6 Content TeleTrusT Germany IT Security and Trustworthiness from 1989 till now The Situation today: A Critical Assessment A Look into the Future: What are the challenges? Summary 6

7 IT Security and Trustworthiness ~ 1989: Communication Security Defense model: Link- and Data Network Encryption Our attitude: IT Trend: Individualization and decentralization of IT Goce Dreamstime.com We have to hurry, before all security problems are solved. 7

8 IT Security and Trustworthiness ~ 1999: Perimeter and Infrastructure Security IT Trend: Professionalization of the Internet: and web system Defense model: Firewall and VPN system Digital Signature, security and PKI Our attitude: We have the IT security under control! Agencyby Dreamstime.com by Danny de Wit 8

9 IT Security and Trustworthiness ~ 2009: Malware / Software Updates IT Trend: Smart Phones, Mobile Internet Web 2.0 Vulnerability by software errors Defense model: Anti-Malware, Software Upgrades, Personal Firewalls Our attitude: The IT Security problems are more than we can cope with! 9

10 Content TeleTrusT Germany IT Security and Trustworthiness from 1989 till now The Situation today: A Critical Assessment A Look into the Future: What are the challenges? Summary 10

11 IT Security and Trustworthiness Today: A Critical Assessment (1/4) Changes, Progress, Future Development into a connected information and knowledge society. IT Security is a changing challenge The Internet is going beyond all borders and culture! Time and region don t matter anymore! Development and change in IT are faster than ever. The users always need to adsorb knowledge to act in the right way. The protected values are constantly rising. The values that we have to protect are changing over the time. We see an innovation in attack models and the attackers are getting more professional. IT security mechanisms are getting more complex, more intelligent and more distributed. Over the time our IT security problems are getting bigger and bigger! 11

12 IT Security and Trustworthiness Today: A Critical Assessment (2/4) Problems: Computer Security The quality of our software is not secure enough! Weak detection rate for malware only 75 to 90%! Every 25. computer has malware! The internet users are badly prepared. Security Less than 4 % of the users encrypt s (S/MIME, PGP, ) Less than 6 % of the users sign s (In the financial world we see much more) More than 95 % Spam s! (in the Infrastructure see the new ENISA report) 12

13 IT Security and Trustworthiness Today: A Critical Assessment (3/4) Problems: Identity Management Password, Password, Password, are the tools in the Internet! Identification spaces are in the companies and customer environments! They are not international! Federations are not used enough! Web Server Security Bad security for web server / web sides Today the main distribution of malware comes over web server A lot of web servers are badly implemented! Patches are not installed and if so, often very late! 13

14 IT Security and Trustworthiness Today: A Critical Assessment (4/4) The level of IT Security and Trustworthiness of our IT Systems are insufficient! Ideas for solutions: Responsibility of the producer Demand of IT security / IT security branch Trusted Computing Karl12 Dreamstime.com 14

15 Content TeleTrusT Germany IT Security and Trustworthiness from 1989 till now The Situation today: A Critical Assessment A Look into the Future: What are the challenges? Summary 15

16 Very fast innovation Intelligent IT devices and flexible IT services Competent people for fast innovation Olegbabich Dreamstime.com, Xy Dreamstime.com Flexible IT devices and services for flexible working conditions Alex Slobodkin istockphoto 16

17 Age pyramid Secure and trustworthy collaboration Twice the number of people will retire from working life Fjvsoares Dreamstime.com, Andresr Dreamstime.com Open Object Security less Perimeter Security by Danny de Wit 17

18 More CPUs, more performance Trusted Computing in all things Internet of Things Spontaneous Distributed Application istockphoto.com, Yanko Design 18

19 More artificial intelligence IT fairy Software Assistant More power, more Intelligence For everybody a Good IT Fairy Geo Images istockphoto.com, Yanko Design 19

20 More clever and complex Attack models The digital world is dangerous like the tools we use! simscript.com 20

21 Content TeleTrusT Germany IT Security and Trustworthiness from 1989 till now The Situation today: A Critical Assessment A Look into the Future: What are the challenges? Summary 21

22 TeleTrusT Germany Summary We have to do something, to make our digital future more secure and more trustworthy! For that we need a quantum leap in the Security Technology, in the Procedure in the Co-operation with other organizations. The future starts now, so let us start together! TeleTrusT is ready to take responsibility for that 22

23 TeleTrusT Germany Perspective, History, Present and Future Thank you for your attention! Questions? Prof. Dr. Norbert Pohlmann Chairman of the Board TeleTrusT Germany Association