Forward Thinking with Anton Chuvakin: Network Security Predictions for 2011, Part 1

Posted: January 11, 2011 in Industry Commentary, IT policy
Tags: , , , , , ,

Editor’s Note: This post is part of the Forward Thinking series, which features expert opinions on the top security trends of 2011.

By Anton Chuvakin

My past forecasting experience shows that I am a cowardly, extrapolating predictor – and can get a lot of the easy, obvious stuff right. Great! Even so, I will do some predictions now, since there is nothing wrong with extrapolation and the “Feynman prediction methodology” [=predicting that whatever is there now will stay the same in the future]). But I will try to be a bit wilder, like I was in my 2020 (!) security predictions.

Here are my top issues/ top security predictions for 2011:

• PCI DSS 2.0 marches on: This is the year when PCI DSS gets even bigger (if you can imagine it!). And smaller too, as smaller businesses will start to “get” PCI. Great news! On the not-so-good side of PCI, I predict that a few of “validated compliant” companies will be found abysmally non-compliant and insecure – after a breach or otherwise. Maybe some QSA heads will roll as a result, especially those “remote-assessing” “easy-graders.” The challenges of compliance in non-traditional environments (virtual, cloud, mobile devices, non-traditional payment methods, etc) will rise to prominence as well.

• HIPAA teeth: Yes, this is one of those things that people have been predicting since 1996 (yes, really!). But somehow I feel like this time – in 2011 – HIPAA/HITECH enforcement will be for real. OK…you can call me an idiot in a year, if I am wrong here.

• Application security and application security monitoring: The Gunnar paradox on firewalls+SSL may finally start to break in 2011. I predict that not only web application security — but also many internal “enterprise” applications — will get in scope for SIEM, correlation, near-real-time monitoring, etc. And not just at “adventurous” security leader companies, but also in the early and mainstream ones.

• Still no mobile malware deluge: Enough about this one. Enough! Enough! For sure, there will be isolated (and possibly pretty bad) malware incidents, but nothing like “Slammer for iPhone” or “Blaster for Android” in 2011. I suspect that PCs will still have more “money” and more holes and so this is what the bad guys will continue to steal.

Stay tuned for more predictions from Anton Chuvakin.

Comments
  1. […] This post was mentioned on Twitter by VPN Haus. VPN Haus said: New blog post: Forward Thinking with Anton Chuvakin: Network Security Predictions for 2011, Part 1 http://bit.ly/ev7TKB […]

  2. […] Forward Thinking with Anton Chuvakin: Network Security Predictions for 2011, Part 1 […]

  3. […] wrap up the Forward Thinking series. We’ve had some insightful predictions on network security trends for 2011, so we’ll close this series with thoughts from two more seasoned IT professionals. And […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s