Opinion: Security predictions for 2009

Network World - My predictions for information security in 2009 are just predictions, not recommendations. I am trying to guess what will happen, not suggesting what should happen. As always, take these with a grain of salt.

Though these predictions are based on primary research and many, many discussions with chief security officers, they concern information security only and can be affected by external factors that are unpredictable (at least by me). Case in point: My predictions for 2008 did not take into account a severe downturn in the economy that was already under way at the beginning of the year. Let's hope that my 2009 predictions also miss the mark by assuming a continuation of economic difficulties that turn out to be less severe than predicted. Here goes:

Host-based security will become the focus for 2009. The imminent release of Windows 7 and the continued interest in Mac OS and Linux as alternative desktops are once again focusing attention on operating system and endpoint security.

Mobile security concerns and solutions will continue apace. The Android and iPhone systems continue to grow, and with them comes an ecosystem of independent application developers. With mobile devices truly becoming "platforms" for all kinds of new applications, security issues are not far behind. 2009 could be the year of the first widespread security scare on a mobile platform. Perhaps a rogue application? A Trojan horse?

Encryption will grow in use. At-rest encryption of hard drives on all desktop systems will become the norm. Servers will still lag behind. Encryption of mobile-device storage will start getting interesting. And once again in 2009, it'll still be impossible to send an encrypted e-mail to someone without making special arrangements in advance. Public-key infrastructure (PKI) encryption remains fragmented in small disconnected islands. Ugh.

No news is bad news. There will be no new, high-profile, fast-spreading megaworms, and the world will rejoice at the defeat of malware. Meanwhile, superstealthy malware will spread further than ever before, and those in the know will quietly weep.

New botnets will be discovered, and they'll be bigger than ever. The malware industry feeds the ever-increasing botnet industry. As usual, most of the innovation happens on the "other" side of the industry. Botnet makers will continue to build incredible distributed, encrypted, anonymous, unbreakable command-and-control systems. Who said there are no profits to be made in 2009? If only BTNT was a publicly traded stock!

Regulatory compliance will be back with a vengeance. All the scandals and Ponzi schemes you heard about in 2008 will become subtitles for new regulations in 2009 and beyond. Regulations in hedge funds, credit-default swaps and derivatives are just the beginning. A whole new industry of auditors, special software and consultants will rise to meet the challenge. You thought the Sarbanes-Oxley Act was a pain? Just wait.

Security projects will struggle for funding. It will take a lot of arguing to get a budget for more than upkeep in 2009. But wait, regulatory compliance comes to the rescue: Use compliance to push through budget requests on everything. It's 2007 all over again!

Reprinted with permission from

For more information about enterprise networking, go to NetworkWorld.com
Story copyright 2009 Network World, Inc. All rights reserved.