By Anton Chuvakin
- Mainstream security in the cloud: Yes, Qualys and a few others have been doing it since 1999 and a few cloud security providers have been absorbed into large entities (latest, sort of). But I suspect that in 2011 we will see much more of “ approach to security of … now in the cloud.” By the way, I mean REALLY using SaaS/PaaS/IaaS cloud options and not “press-release cloud” like many do today.
- “New” types of incidents: Going out on a limb, I predict a few large (and very damaging) breaches, NOT involving regulated PII, but good old secrets. Wikileaks mentality + cybercrime resources = a fun year!
- SIEM for dummies: OK, this is another risky one. As you know, there is no leader in the SMB/SME SIEM market and I am really looking for somebody to climb on that hill. The world needs a penultimate “SIEM for dummies.” As of today, SIEM is decidedly not.
- Security vendors: Despite the silly 2007 predictions by the RSA CEO, there will still be hundreds of security companies around. However, some of the players will definitely feel like they “overstayed the market’s welcome” (e.g. some legacy SIEM vendors) and will either die or firesale.
- Risk “management”: Every past year, I predicted that we will remain dazed and confused about how to apply risk to information security in an objective manner (objective, not necessarily quantitative). This year… drumroll… I am laying these dark thoughts to rest – at least for a while. Maybe, just maybe, we are starting to see both data and approaches that will eventually give us something to work with. And not just whine about it.
For Part 1 of this series, click here.