Archive for January, 2011

Computerworld, Security Manager’s Journal: Lifting Rocks and Seeing What Dangers Lurk Beneath Them
Information Magazine, Mobile Device Security Needs New Approach, Experts Say
Mobile Enterprise, What to Watch for in Enterprise Mobility
Network World, Survey on PCI: How It’s Impacting Network Security
Processor, Supporting Mobile Users

Editor’s Note: This post is part of the Forward Thinking series, which features expert opinions on the top security trends of 2011.

“IT law is evolving quickly. As technology changes, authorities around the world are enacting many new laws on security, privacy and data management. Globalization is exposing enterprises to the jurisdiction of countries they have never thought much about from a legal perspective. The result is that surprises abound and legal compliance becomes somewhat chaotic.” – Ben Wright, attorney and author of technology law books.

“In terms of threats I’m not expecting to see anything new in 2011 that we haven’t already seen in 2010 and before. However, I would expect an increase in breaches, better regulation within industries in certain parts of the world and companies being held more accountable. Because of this I think it is important for companies to invest more in detecting breaches, improve or establish sufficient incident handling and response procedures and ensure compliance with tighter regulations where they exist. Compliance work is playing an ever increasing part in security professionals’ lives and I see this trend increasing in 2011.” – Thomas Cannon, security researcher

“This year, there will be a wakeup call on mobile device security. Surveys show three out of four people use their mobile device to share or access sensitive or personal data. And given the sophistication of attack vectors, every morsel of personal information fed to hackers gets them closer to gaming security. What’s even more startling, the very definition of a hacker is changing – the architects behind some recent attacks have been hobbyists, who in a few hours could penetrate corporate security defenses.” – H. Peter Felgentreff, CEO, NCP engineering

Enterprise Networking Planet, IPv6 Day is Coming (But Not Until June)
Gartner Blog, Security Search Shenanigans – Where is NAC on the Hype Cycle?
Insecure About Security, Nearly Half of Large Mid-Market and Enterprise Organizations Will Increase Networking Spending in 2011
InfoWorld, Security Admins: Prepare for Tomorrow’s Tech Trend Today

By Anton Chuvakin

  • Mainstream security in the cloud: Yes, Qualys and a few others have been doing it since 1999 and a few cloud security providers have been absorbed into large entities (latest, sort of). But I suspect that in 2011 we will see much more of “ approach to security of … now in the cloud.” By the way, I mean REALLY using SaaS/PaaS/IaaS cloud options and not “press-release cloud” like many do today.
  • “New” types of incidents: Going out on a limb, I predict a few large (and very damaging) breaches, NOT involving regulated PII, but good old secrets. Wikileaks mentality + cybercrime resources = a fun year!
  • SIEM for dummies:  OK, this is another risky one. As you know, there is no leader in the SMB/SME SIEM market and I am really looking for somebody to climb on that hill. The world needs a penultimate “SIEM for dummies.” As of today, SIEM is decidedly not.
  • Security vendors:  Despite the silly 2007 predictions by the RSA CEO, there will still be hundreds of security companies around. However, some of the players will definitely feel like they “overstayed the market’s welcome” (e.g. some legacy SIEM vendors) and will either die or firesale.
  • Risk “management”: Every past year, I predicted that we will remain dazed and confused about how to apply risk to information security in an objective manner (objective, not necessarily quantitative). This year…. drumroll… I am laying these dark thoughts to rest – at least for a while. Maybe, just maybe, we are starting to see both data and approaches that will eventually give us something to work with. And not just whine about it.

For Part 1 on this series, click here.

InformationWeek, Mathias On Mobility: RIM’s BlackBerry Far From Doomed
InfoWorld, Cloud Computing Used to Hack Wireless Networks
PC World, Telecommuting is Good for Employees and Employers
Processor, Mobile Access Trends To Watch In 2011
Securosis Blog, Mobile Device Security: 5 Tactics to Protect Those Buggers