There are two ways to predict the future with 100% accuracy. You either have the power to shape the future to your predictions (the God method) or you make your predictions vague enough so that they fit most conceivable outcomes (the Nostradamus method). For those of us without omnipotence and with a desire to write something meaningful, that leaves the alternative: extrapolate from in-depth research, solid statistics and current trends and hope for minimum volatility (disruptive innovation or externalities) in the outcome. That will not get 100%, but even 90% is still extremely valuable. In January 2009 I will revisit these predictions and honestly assess my crystal-ball gazing.
In the murky, milky swirls within my USB-connected iCrystalBall I see the following developments in security in 2008:
- Accelerating enterprise adoption of mobile platforms leads to more security threats on mobile devices. With carriers, device vendors and mobile operating systems opening up there will be more rich applications on the horizon with the concomitant security concerns. I expect to see more start-ups in the mobile security space developing software solutions around encryption and authentication for phones, PDAs and so on. I also expect mobile carriers to increase investment in R&D and marketing around mobile security.
- Hard drive encryption on the desktop continues, and spreads to the data center. In 2007 encryption of laptop hard drives was funded by more than a fifth of participants in our security research. I expect this trend to accelerate with the introduction of more hard disks with built-in encryption and Trusted Platform Module capabilities. I also expect hard drive encryption to start moving into the server and data center markets as companies adjust to compliance mandates and increased instances of identity theft from corporate databases. Expect encrypted drive technology to roll into server and storage lines from more vendors, and for unit sales to rise steadily.
- Network access control (NAC) sales will continue to fall short of the hype. Appliance-based NAC deployments will continue to grow in a steady but not spectacular fashion. Meanwhile, infrastructure NAC or "forklift NAC" will continue to underwhelm customers through lack of interoperability and high cost of deployment.
- Carrier and ISP-based managed security services for small and midsize businesses (SMBs) multiply and spread in the face of burgeoning demand. SMBs lack the skills but need the security, and will increasingly outsource to specialists security functions ranging from "clean pipe" firewall and anti-distributed denial of service to spam-virus-malware filtering.
- The identity theft market is making more than US$100 million in profits in 2007, making it equivalent to No. 3 in profits in the security market. In 2008 the black market profits will surpass those of the top three security pure-play companies, fueled by companies not reporting breaches to law enforcement.
- Virtualization-based compartmentalization of laptops and desktops for security reasons will accelerate. Companies will deploy secured virtual machines as corporate sandboxes on desktops and laptops as a way to control configurations and contain applications and data, using technology from VMware, Citrix, Parallels, Kidaro and others.