When the world's richest man decides it is time for his company to change direction, it is worth asking why. Only rarely does Bill Gates send an e-mail memo to the thousands of employees at Microsoft, the world's largest software company, of which he is chairman. He famously sent such a memo in December 1995, in which he announced that Microsoft had to become "hardcore" about the Internet. In January this year Mr Gates sent another round-robin. Its subject? The importance of computer security.
Until recently, most people were either unaware of computer security or regarded it as unimportant. That used to be broadly true, except in a few specialised areas — such as banking, aerospace and military applications — that rely on computers and networks being hard to break into and not going wrong. But now consumers, companies and governments around the world are sitting up and taking notice. Why?
The obvious answer seems to be that last year's terrorist attacks in America have heightened awareness of security in all its forms. But the deeper reason is that a long-term cultural shift is under way. Digital security has been growing in importance for years as more and more aspects of business and personal life have come to depend on computers. Computing, in short, is in the midst of a transition from an optional tool to a ubiquitous utility. And people expect utilities to be reliable. One definition of a utility, indeed, is a service that is so reliable that people notice it only when it does not work. Telephone service (on fixed lines, at least), electricity, gas and water supplies all meet this definition. Computing clearly does not, at least not yet.
One of the many prerequisites for computing to become a utility is adequate security. It is dangerous to entrust your company, your personal information or indeed your life to a system that is full of security holes. As a result, the problem of securing computers and networks, which used to matter only to a handful of system administrators, has become of far more widespread concern.
Computers are increasingly relied upon; they are also increasingly connected to each other, thanks to the Internet. Linking millions of computers together in a single, cloud-like global network brings great benefits of cost and convenience. Dotcoms may have come and gone, but e-mail has become a vital business tool for many people and an important social tool for an even larger group. Being able to access your e-mail from any web browser on earth is tremendously useful and liberating, as both business travellers and backpacking tourists will attest. Corporate billing, payroll and inventory-tracking systems are delivered as services accessible through web browsers. Online shop fronts make it fast and convenient to buy products from the other side of the world.
The Price of Openness
The flip side of easy connectivity and remote access, however, is the heightened risk of a security breach. Bruce Schneier, a security expert, points out that when you open a shop on the street, both customers and shoplifters can enter. "You can't have one without the other," he says. "It's the same on the Internet." And as music, movies, tax returns, photographs and phone calls now routinely whizz around in digital form, the shift from traditional to digital formats has reached a critical point, says Whitfield Diffie, a security guru at Sun Microsystems: "We can no longer continue this migration without basic security."
The September 11th attacks, then, reinforced an existing trend. Government officials, led by Richard Clarke, America's cyber-security tsar, gave warning of the possibility that terrorists might mount an "electronic Pearl Harbour" attack, breaking into the systems that control critical telecommunications, electricity and utility infrastructure, and paralysing America from afar with a few clicks of a mouse. Most security experts are sceptical, but after spending years trying to get people to take security seriously, they are willing to play along. Scott Charney, a former chief of computer crime at the Department of Justice and now Microsoft's chief security strategist, says Mr Clarke's scare-mongering is "not always helpful, but he has raised awareness."
The terrorist attacks certainly prompted companies to acknowledge their dependence on (and the vulnerability of) their networks, and emphasised the importance of disaster-recovery and back-up systems. A survey of information-technology managers and chief information officers, carried out by Morgan Stanley after the attacks, found that security software had jumped from fifth priority or lower to become their first priority. "It's moved up to the top of the list," says Tony Scott, chief technology officer at General Motors. "It's on everybody's radar now."
The growing emphasis on security over the past year or two has been driven by a combination of factors, and has shown up in a variety of ways. Chris Byrnes, an analyst at Meta Group, a consultancy, notes that the proportion of his firm's clients (mostly large multinational companies) with dedicated computer-security teams has risen from 20% to 40% in the past two years. He expects the figure to reach 60-70% within the next two years. Previously, he says, it was financial-services firms that were most serious about security, but now firms in manufacturing, retailing and other areas are following suit.




