Welcome to the Rise of the Machine-to-Machine. Isn't it time to 'block off' some data ducts?
Isolation-based security is getting important
Sysadmin blog Do you remember Web 2.0, Web 3.0 and so forth? It's marketing terminology that was popular at the turn of the millennium and was as used and abused as "cloud" is today. Underneath all the fluff, however, were solid and reasoned ideas about how technology would evolve and the benefits they'd bring.
To understand where technology is going tomorrow, it's worth looking back at where technology has been.
Web 1.0 was all about content. Bare bones web pages made possible by the invention of HTML, early information exchange beyond academia. The technologies of the Web 1.0 era were the answer to the question "what can I know".
Web 2.0 was all about interactivity. Here we saw the emergence of ecommerce sites, wikis, modern-looking instant messengers, audio and video communications, and the first social networks. Web 1.0 provided for information exchange and the technologies of Web 2.0 then focused on letting us actually do something with that information.
Web 3.0 was the world looking at Web 2.0 and seeing that it was a disorganized mess. Web 3.0 technologies were focused on tagging, indexing and searching content. At the time it was called "The Semantic Web". Today, we call it "just metadata", a term that bears with it all the disturbing connotations of exactly what happens when you make the world's communications searchable.
This was where the "Web X.0" marketing mostly stopped. This was in part because everyone and their dog tried to proclaim what Web 4.0 would be, and that only they could do it. It was also because the only people who really got good at Web 3.0 were government spooks, Google and Facebook. None of whom give anyone the warm fuzzies.
Web 4.0 and beyond
Retrospectively, it's fairly easy to pin down what Web 4.0 was. If we look at each of the Webs as turning points in how we conceive of using the internet, then Web 4.0 was the Internet of Things (IoT). The basic idea behind IoT is machine to machine communication. More specifically, it is machine to machine communication on a grand scale.
In the IoT world there already was lots of desired content, much of it available in offline systems. Sensor data, security camera footage, the list goes on. Webs 1 through 3 were all about what humans could do with information. Web 4.0 bypassed the need for figuring out how to organize and present machine data and skipped right to communication.
Web 5.0 then, logically, would be all about cataloguing, indexing, searching and snooping on machine-to-machine data. Because the data produced by the IoT is orders of magnitude more than anything humans could process on their own, Web 5.0 is about the tools and technologies required to process that overwhelming amount of data.
Using today's marketing terms, Web 5.0 would be technologies like Big Data, Machine Learning and Artificial Intelligence. These are all technologies that we're just getting a handle on today, with mass market commercialization hitting its stride.
Allowing for wiggle room of a few years on either side, 1.0 was 1995, 2.0 was 2000, 3.0 was 2005, 4.0 was 2010 and 5.0 was 2015ish. That sounds about right. So what's next?
Humans are awful at planning ahead. We're reactive creatures. We've spent the past 20+ years of modern World Wide Web development rushing headlong into making as much data available to as many people as possible, and we've blindly ignored the price to be paid for this naive openness.
The first two decades of the web were notable for the optimism and idealism of the technologists that birthed it. What I see as the next evolution of the web, however, could be termed a counterpoint to the very ideologies that saw it take shape.
The abuse of technology by bad guys – whether state sanctioned or not – is leading to a lot of investment in technologies that isolate content and communications. Here we could talk about containers, network isolation like NSX and the upcoming market of storage isolation.
There are adjacent technologies to the above that are just as important to this "Web 6.0" movement towards information isolation. Data sovereignty (and associated next generation data locality), context aware automated content tagging and application of Role Based Access Control (RBAC), application profiling of expected behaviours by vendors, workload whitelisting, automated incident response and on and on. This list of emerging next generation security technologies aimed at isolating content and communications is staggeringly expansive.
The internet itself is fracturing. While the public web will always remain, it is important to start referring to it as "the public web". Darknets have proliferated beyond count, with their numbers growing every day. Some are "underground", run by anarchists, criminals or those who are just plain paranoid. Still more of these darknets are commercial network set up for select businesses and clientele, or the internet equivalent of "gated communities" whose purpose is exclusion.
The technologies we use for this today are primitive, at best. The isolation technologies that will be made available to the mass market between 2020 and 2025 will be as transformative to personal and corporate privacy as cloud computing was to IT infrastructure. I, for one, am interested in seeing what everyone comes up with. ®
Sponsored: Becoming a Pragmatic Security Leader