Every year, I try to predict the top trends in security for the upcoming year. To give myself a sense of accountability I always look back at how well those predictions worked out and either abandon them or double-down for the next year! It's time to test my annual security predictions for 2010.
Last year, I predicted:
•Security funding increases by more than 10% to recover from a year of cuts. Sadly I was wrong. Most companies (60%) saw flat security budgets in 2010, capping a three-year trend of underfunding. Let's hope things improve in 2011.
•Congress creates new regulatory compliance mandates. In the wake of the financial meltdown, I expected regulatory compliance burdens to increase in 2010. While HR 4173 (Dodd-Frank) imposes new regulations, the details are left up to several agencies, some newly created and yet to be bootstrapped. Right now, it's hard to tell what will come of those regulations.
•Self-propagating mobile phone worms and Trojans. Internet-connected smartphones with complex and sophisticated software can mean only one thing: self-propagating viruses/worms. IKee.B is a true self-propagating worm, though it depends on a vulnerable SSH server found only on jailbroken iPhones (plus it was released late in 2009). I'll call this a miss, but I will repeat it for 2011. It's only a matter of time.
•Cloud computing providers introduce encryption-at-rest and other security capabilities "as a service". I was really hoping this one would come true, partly because we could use such services at Nemertes. Unfortunately, security services are not yet a priority for IaaS providers. Security continues to be the biggest impediment to IaaS adoption (for 51.4% of participants in our research, more than double the next biggest challenge). I will also repeat this prediction for 2011.
•The FBI issues tens of thousands of security letters to get records on individuals without warrants. This one was too easy. Power corrupts and becomes its own end. On top of national security letters and eavesdropping, both unchallenged and unreformed by the Obama administration we now have "don't touch my junk" to add to the epitaph of the 4th amendment. Maybe I should predict warrantless cavity searches for 2011? At least one area where bipartisanship rules: both parties think our privacy is not worth much at all.
•Real ID dies a deserved death and is abandoned in 2010. It appears that with Nevada backtracking on implementation and other states opting-out, Real ID is truly dead. No one has attempted to resurrect it in this Congress, so perhaps sanity has prevailed. A successful prediction.
My last prediction was sarcastic in nature. I said "The Transportation Security Administration stops wasting billions of dollars in traveler delays by confiscating water bottles and removing shoes. Instead it focuses on real threats based on rational risk assessment, not security theater based on movie plots. OK, unlikely, but I can dream, can't I?"
That dream was rudely interrupted when it "met resistance" during an "enhanced pat-down" at IAD after I opted out of melanoma-causing unnecessary radiation exposure. I can't wait until they equip the TSA with Tasers.
Total score: 3.5 out of 7. About as accurate as a coin-toss, let's hope I do better in 2011.
[ Also read: Security absurdity: US in sensitive information quagmire ]
Read more about wide area network in Network World's Wide Area Network section.
This story, "What security wrought in 2010" was originally published by Network World.