Opinion: Security predictions for 2009
Network World - My predictions for information security in 2009 are just predictions, not recommendations. I am trying to guess what will happen, not suggesting what should happen. As always, take these with a grain of salt.
Though these predictions are based on primary research and many, many discussions with chief security officers, they concern information security only and can be affected by external factors that are unpredictable (at least by me). Case in point: My predictions for 2008 did not take into account a severe downturn in the economy that was already under way at the beginning of the year. Let's hope that my 2009 predictions also miss the mark by assuming a continuation of economic difficulties that turn out to be less severe than predicted. Here goes:
Host-based security will become the focus for 2009. The imminent release of Windows 7 and the continued interest in Mac OS and Linux as alternative desktops are once again focusing attention on operating system and endpoint security.
Mobile security concerns and solutions will continue apace. The Android and iPhone systems continue to grow, and with them comes an ecosystem of independent application developers. With mobile devices truly becoming "platforms" for all kinds of new applications, security issues are not far behind. 2009 could be the year of the first widespread security scare on a mobile platform. Perhaps a rogue application? A Trojan horse?
Encryption will grow in use. At-rest encryption of hard drives on all desktop systems will become the norm. Servers will still lag behind. Encryption of mobile-device storage will start getting interesting. And once again in 2009, it'll still be impossible to send an encrypted e-mail to someone without making special arrangements in advance. Public-key infrastructure (PKI) encryption remains fragmented in small disconnected islands. Ugh.
No news is bad news. There will be no new, high-profile, fast-spreading megaworms, and the world will rejoice at the defeat of malware. Meanwhile, superstealthy malware will spread further than ever before, and those in the know will quietly weep.
New botnets will be discovered, and they'll be bigger than ever. The malware industry feeds the ever-increasing botnet industry. As usual, most of the innovation happens on the "other" side of the industry. Botnet makers will continue to build incredible distributed, encrypted, anonymous, unbreakable command-and-control systems. Who said there are no profits to be made in 2009? If only BTNT was a publicly traded stock!
Regulatory compliance will be back with a vengeance. All the scandals and Ponzi schemes you heard about in 2008 will become subtitles for new regulations in 2009 and beyond. Regulations in hedge funds, credit-default swaps and derivatives are just the beginning. A whole new industry of auditors, special software and consultants will rise to meet the challenge. You thought the Sarbanes-Oxley Act was a pain? Just wait.
Security projects will struggle for funding. It will take a lot of arguing to get a budget for more than upkeep in 2009. But wait, regulatory compliance comes to the rescue: Use compliance to push through budget requests on everything. It's 2007 all over again!
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts