Johan Paulsson, CTO of Axis Communications, looks at the top trends that will dominate security next year.
It’s always fun (and sometimes useful) to gaze into the future trends that will affect the security sector, and looking into 2020, we see a series of interrelated trends being driven through a fundamental change in computing.
1. The world on the edge
This isn’t an opinion on the current state of the world, but rather a reflection that we are seeing a growing momentum towards
computing at the “edge" of the network, as an increasing number of connected devices would benefit from the ability to instantly sense what is happening, decide what to do, and take action.
Autonomous vehicles are an obvious example. Whether in relation to communications with the external environment (e.g. traffic signals) or through sensors detecting risks (e.g. an object walking in front of the car), decisions must be processed in a split second. The latency of data being sent from the car across the network for processing and analysing in a data center before being returned with a decision on the action to be taken is unacceptably long.
It is the same with video surveillance. If we are to move towards the proactive rather than reactive – to prevention of incidents rather than response after the fact – more processing of data and analysis needs to take place within the camera itself.
But the increase in devices at the edge, and with them playing a more critical role in safety and security, creates a number of consequences, which I’ll explore below.
2. Processing power in dedicated devices
Dedicated and optimized hardware and software – designed for the specific application – is essential with the move towards greater levels of edge computing. Connected devices will need increased computing power, and be designed for purpose from the silicon up, which is why Axis continues to invest in its own chip. This allows us to design an integrated circuit – or "system-on-chip" – specifically for the video surveillance needs of today and the future and, crucially, to design with a security-first mindset.
The concept of embedded AI in the form of machine and deep learning computation will also be more prevalent moving forwards. For those working with it,
AI – or more accurately machine learning and deep learning – has now passed beyond being a buzzword and become an everyday reality. It is being used more than most people appreciate – it’s just invisible to them. Again, however, one aspect that will need to be addressed is to create new deep learning models that are ‘lighter’, demanding less memory and computational power.
3. Towards the trusted edge
Trust takes many forms. Trust that organizations will collect and use our data responsibly; trust that devices and data are secure from cybercriminals; trust that the data itself is accurate and that the technology itself will work as designed. The edge will be the point at which this trust will be created or destroyed.
Trust through the entire supply chain will be vital. While embedding spying chips on the hardware itself is a relatively distant possibility, it would be far easier to install a spying “backdoor” into a device through a subsequent firmware upgrade than at point of manufacture.
Issues around personal privacy will continue to be debated around the world. While technologies such as dynamic anonymization and
masking can be used on the edge to protect privacy, attitudes and regulation are inconsistent across regions and countries. The need to navigate the international legal framework will be ongoing for companies in the security sector.
With more processing and analysis of data taking place in the device itself,
cybersecurity will become ever more critical. Even when faced with evidence of the increasingly numerous and sophisticated cyberattacks, many organizations are still failing to undertake even the most basic firmware upgrades. Fundamental to a secure system is the need for both individual device management and to comprehensive lifecycle management of the entire surveillance solution, through clear hardware, software and user policies.
4. Regulation: Use cases vs. technology
It is difficult, if not impossible, to regulate technology (and rightly so, in most instances). It is only realistic to regulate the use cases of technology.
Attitudes towards appropriate use cases and regulations around them differ around the world. The EU’s General Data Protection Regulation (GDPR) is one of the highest profile examples, and one of the most stringent data regulations on the planet. Other countries are far less strict, and many organizations in other regions providing online services are blocking access for EU citizens due to their lack of compliance with GDPR.
Regulations are struggling to keep pace with advances in technology, but governments will continue to look at ways to control use cases to the benefit of citizens or themselves. It’s a dynamic landscape that the industry will need to navigate, and where business ethics will continue to come under intense scrutiny.
5. Network diversity
As a direct result of some of the regulatory complexities, privacy and cybersecurity concerns, we’re seeing a move away from the fully open internet of the past two decades. While the internet and public cloud services will remain part of how we transfer, analyze and store data, hybrid and private clouds are growing in use. We’re seeing an increase of “smart islands,” where systems for specific applications have limited and direct connections to other interdependent systems.
While some people regard any move away from openness as undesirable, the arguments in relation to security and data protection are compelling. In addition, previously one of the benefits of openness and data sharing was regarded as being advances in AI and machine learning, the assumed wisdom being that machine learning depends on huge data sets in order to let the computers learn. However, advances mean that today, pre-trained network models can be tailored for specific applications with a relatively small amount of data.
Gazing into a crystal ball is hazardous in any environment - in the technology sector it can be regarded as positively foolish! But it’s essential that in looking to meet the security needs of today, we have an eye on the opportunities and risks that will face us all in the future.