Opinion: Security predictions for 2009
Network World - My predictions for information security in 2009 are just predictions, not recommendations. I am trying to guess what will happen, not suggesting what should happen. As always, take these with a grain of salt.
Though these predictions are based on primary research and many, many discussions with chief security officers, they concern information security only and can be affected by external factors that are unpredictable (at least by me). Case in point: My predictions for 2008 did not take into account a severe downturn in the economy that was already under way at the beginning of the year. Let's hope that my 2009 predictions also miss the mark by assuming a continuation of economic difficulties that turn out to be less severe than predicted. Here goes:
Host-based security will become the focus for 2009. The imminent release of Windows 7 and the continued interest in Mac OS and Linux as alternative desktops are once again focusing attention on operating system and endpoint security.
Mobile security concerns and solutions will continue apace. The Android and iPhone systems continue to grow, and with them comes an ecosystem of independent application developers. With mobile devices truly becoming "platforms" for all kinds of new applications, security issues are not far behind. 2009 could be the year of the first widespread security scare on a mobile platform. Perhaps a rogue application? A Trojan horse?
Encryption will grow in use. At-rest encryption of hard drives on all desktop systems will become the norm. Servers will still lag behind. Encryption of mobile-device storage will start getting interesting. And once again in 2009, it'll still be impossible to send an encrypted e-mail to someone without making special arrangements in advance. Public-key infrastructure (PKI) encryption remains fragmented in small disconnected islands. Ugh.
No news is bad news. There will be no new, high-profile, fast-spreading megaworms, and the world will rejoice at the defeat of malware. Meanwhile, superstealthy malware will spread further than ever before, and those in the know will quietly weep.
New botnets will be discovered, and they'll be bigger than ever. The malware industry feeds the ever-increasing botnet industry. As usual, most of the innovation happens on the "other" side of the industry. Botnet makers will continue to build incredible distributed, encrypted, anonymous, unbreakable command-and-control systems. Who said there are no profits to be made in 2009? If only BTNT was a publicly traded stock!
Regulatory compliance will be back with a vengeance. All the scandals and Ponzi schemes you heard about in 2008 will become subtitles for new regulations in 2009 and beyond. Regulations in hedge funds, credit-default swaps and derivatives are just the beginning. A whole new industry of auditors, special software and consultants will rise to meet the challenge. You thought the Sarbanes-Oxley Act was a pain? Just wait.
Security projects will struggle for funding. It will take a lot of arguing to get a budget for more than upkeep in 2009. But wait, regulatory compliance comes to the rescue: Use compliance to push through budget requests on everything. It's 2007 all over again!
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts