If you thought 'Security '07' was hairy, just wait

Jon Oltsik says 2008 will bring a new cluster of headlines about information security and the workplace.

Jon Oltsik
Jon Oltsik is a senior analyst at the Enterprise Strategy Group. He is not an employee of CNET.
While you're still recovering from New Year's partying, here's something to think about: what should we expect from the world of information security over the next 12 months? In no particular order, here's my top 10 list for 2008:

Phat desktop security
Antivirus is so 1990s; today's desktop security software must have additional safeguards for Network Access Control (NAC) and data protection. Phat desktop security has given rise to a bunch of acquisitions: McAfee bought SafeBoot, Symantec grabbed Vontu, and Trend Micro snapped up Provilla. Look for phat desktop security to put on additional pounds as desktop security and operations merge in 2008 as well. CA and Symantec/Altiris are already planning new announcements.

Public key encryption
This one will trickle in on the back of federal government initiatives, PKI-ready applications, and PKI-friendly Windows 2008. To ease PKI complexity, look for service provider offerings as well from firms like Chosen Security, RSA Security, and Verisign.

Federated identity
This, too, rides the Windows 2008 wave but I'm also hearing about service providers and large financial service vendors that have built "ready to federate" Web-based applications for their partners. Like PKI, federated identity has been overpromised in the past so don't expect it to garner major headlines. Nevertheless, federated identity will experience good growth under the radar all year. Aside from Microsoft, expect IBM, Oracle, and Sun to benefit as well.

Ubiquitous encryption
We will remember this as the year of the invasion of encryption algorithms. In 2008, firms will purchase new disk drives, processors, tape drives, file systems, and new databases that support native encryption. Good for data protection but security operations managers must be prepared.

Key management
This one will happen as a result of ubiquitous encryption. Lots of encryption means lots of encryption keys. If keys are lost or stolen, you either lose some data or a lot of data. Pretty soon users will demand strong centralized key management solutions. Key management leadership ought to be extremely interesting with competitors like Hewlett-Packard, IBM, nCipher, PGP Corporation, and RSA Security. Hopefully, we can agree upon some key management standards in 2008 as well.

Managed security services
Security is too complex to fool around with and there just aren't enough skilled people available. Managed services just make sense. This will be another market to watch because everyone wants a piece of the action. Look for major announcements from networking leaders (Cisco Systems, Juniper Networks), traditional system vendors (HP, IBM, Unisys), carriers (AT&T, Verizon), security players (Symantec), and systems integrators (CSC, EDS, Wipro).

Security product consolidation
"Best-of-breed" is another security trend that is growing passe. Users want consolidated administration, logging, and management, not a bunch of point tools. This, too, favors the big vendors. Smaller players will have to look for niche functionality, and those opportunities will continue to grow rarer.

Information governance
There aren't many firms that know a lot about what information they have, how confidential it is, and where it is stored. This needs to change for security and business reasons. Look for lots of user and industry efforts to bridge this gap. Expect lots of hoopla over things like standard data models, metadata tagging, and information classification. Oh, and this is a market that is ripe for lots of professional services, too.

Stronger enforcement of the Payment Card Industry Data Security Standard (PCI DSS)
Is there anyone you know who has not had his or her credit card number breached? To avoid a "return to cash" movement, look for American Express, MasterCard, and Visa to start cracking the whip with tougher standards and greater fines for vendors large and small. Additionally, expect to see more credit cards equipped with onboard authentication technology and at least one data breach that makes TJX look like an amateur hack.

Log management architecture
Large firms are experiencing exponential growth in the amount of log data they collect, store, and analyze. This will prompt large organizations to move log management activities beyond security and build enterprise-wide log management architectures in 2008. Henceforth, log management services will be owned by IT departments that then charge back internal groups for access to the log data. Great news for ArcSight, LogLogic, LogRhythm, Q1 Labs, and the storage folks.

That's it, though I'm sure I've missed a half dozen others. Meanwhile, a belated Happy New Year.