Forward Thinking with Anton Chuvakin: Network Security Predictions for 2011, Part 1

Posted: January 11, 2011 in Industry Commentary, IT policy
Editor’s Note: This post is part of the Forward Thinking series, which features expert opinions on the top security trends of 2011.

By Anton Chuvakin

My past forecasting experience shows that I am a cowardly, extrapolating predictor – and can get a lot of the easy, obvious stuff right. Great! Even so, I will do some predictions now, since there is nothing wrong with extrapolation and the “Feynman prediction methodology” [=predicting that whatever is there now will stay the same in the future]. But I will try to be a bit wilder, like I was in my 2020 (!) security predictions.

Here are my top issues/ top security predictions for 2011:

• PCI DSS 2.0 marches on: This is the year when PCI DSS gets even bigger (if you can imagine it!). And smaller too, as smaller businesses will start to “get” PCI. Great news! On the not-so-good side of PCI, I predict that a few “validated compliant” companies will be found abysmally non-compliant and insecure – after a breach or otherwise. Maybe some QSA heads will roll as a result, especially those “remote-assessing” “easy-graders.” The challenges of compliance in non-traditional environments (virtual, cloud, mobile devices, non-traditional payment methods, etc.) will rise to prominence as well.

• HIPAA teeth: Yes, this is one of those things that people have been predicting since 1996 (yes, really!). But somehow I feel like this time – in 2011 – HIPAA/HITECH enforcement will be for real. OK…you can call me an idiot in a year, if I am wrong here.

• Application security and application security monitoring: The Gunnar paradox on firewalls+SSL may finally start to break in 2011. I predict that not only web application security — but also many internal “enterprise” applications — will get in scope for SIEM, correlation, near-real-time monitoring, etc. And not just at “adventurous” security leader companies, but also in the early and mainstream ones.

• Still no mobile malware deluge: Enough about this one. Enough! Enough! For sure, there will be isolated (and possibly pretty bad) malware incidents, but nothing like “Slammer for iPhone” or “Blaster for Android” in 2011. I suspect that PCs will still have more “money” and more holes and so this is what the bad guys will continue to steal.

