I’m seeing a trend in the paradigm of content creation, content source, and content display, and I’m seeing the trend in both the internet web content space as well as information security.
Web content has traditionally been tied to the location that it was created, i.e. The New York Times website, or cnn.com. So someone would write content on that website, and then people would come to that website to view it.
The two are linked.
But then RSS came along, and it provided a way to get the content itself without the wrapper. And now mobile applications are doing the same thing.
The mobile apps are the wrappers. Apps like Flipboard. You pick the content you want, by topic or direct source, and the wrapper handles how it’s displayed to you.
I think the same thing is happening in information security.
Right now we have a trillion sources of security data, and 14 billion ways to display that data. Those are rough numbers. And every vendor is pitching their own interface that you’re encouraged to use to get their content. Many vendors also have the ability to export their content elsewhere, but they wish you wouldn’t ask them to.
The point is that in information security we’re going to be consolidating a few pieces of this data lifecycle soon.
- For one, there will be far fewer data sources. It’ll be a consolidated data lake, and anything that wants to get security data will go there.
- Next, you’ll have companies that perform operations on that data. That’s the secret sauce. It’s the big data analysis algorithms. Finding the needles and all that. That’s step two.
- Finally, the output will go out to more consolidated and standardized interfaces. Think of an Archer/ArcSight/Splunk/Chart.io/Whatever type of interface that starts to settle down in terms of standardized modules people like to see. It’ll be an interface that people intuitively understand when they see it, and they know where to go look for what they want.
So web content is being pulled out of websites and is being displayed in apps. And security content will get pulled out of tools and be displayed in standardized infosec interfaces.
Look for it.