Essential Computer Security

The year is winding down, and the world loves a list, so I thought I’d jump on the bandwagon as well. I will start by saying that, thus far, the only prognostications for next year that I have read were Richard Bejtlich’s on his TaoSecurity blog. So, before I read any more that might taint my own predictions, here is what I foresee for 2008:

1. Consolidation: One of the big technologies of 2007 was the introduction of unified communications by both Microsoft and Cisco. The merging of all communications technologies into a single, unified system will continue into 2008. Aside from the whiz-bang, “keep-up-with-the-Jones’s” aspect, there is a lot to be gained in terms of efficiency and productivity for organizations that leverage unified communications.
2. Consolidation: The computer and security technology industry is like a chess game of mergers and acquisitions. Watching the Big Dogs (Microsoft, Cisco, Symantec, McAfee, Checkpoint, etc.) make strategic moves reminds me of watching my kids negotiating and trading cards for one of the their games. The key to winning the trading card game is apparently the same as the key to dominating the information security industry- collect the right components to build the better team. I predict that the Big Dogs will continue to swipe up innovative and bleeding edge companies in an effort to achieve or retain that slight advantage over the rest of the pack.
3. Consolidation: Organizations are going to evolve their compliance efforts to the next level. Rather than launching a SOX project to get compliant and pass the audit, and then a HIPAA project to get compliant and pass the audit, and then a PCI DSS project to get compliant and pass the audit, organizations will seek to manage compliance as a whole. The goal will be to maintain compliance beyond the audit to get some leverage from the effort and resources invested in getting compliant in the first place. The separate compliance projects will converge under a single Compliance initiative that will merge the various requirements so that they can be managed as one.
4. Information Protection: Were you expecting “Consolidation” again? With much of information security more or less in a state of functional stalemate, organizations can move beyond firewalls, antivirus, and intrusion detection / prevention, and focus their attention on other areas. One of those areas for 2008 will be a greater focus on protecting confidential and sensitive corporate information. Data leakage appliances, and technologies such as Microsoft’s Windows Rights Management Services (WRMS) will be employed by more organizations to ensure that the crown jewels of data are not quietly leaked across the network.
5. Virtualization: This is almost a variation on “Consolidation”, does that count? There are a lot of good reasons to virtualize. From a money saving perspective, you can save money on hardware, data center real estate, and electricity and cooling. By leveraging the memory and processing power of one hulked out server, companies can run multiple server instances, and even multiple operating systems on a single box. Virtualization can also be used to leverage a centrally installed application and allow multiple desktop users to access it. In either event, another advantage is that maintenance, upgrades, patching and troubleshooting are also more efficient because the support can be done on one box in one location. Virtualization has been a growing trend already, and in 2008 Microsoft will release their Hyper-V hypervisor application to add some fuel to the fire.

There you go. I don’t know if any of those are Earth-shattering shockers, but those are my predictions. Check back at the end of 2008 and we can recap to see how I did. But- come back frequently in the mean time. That wasn’t an invitation to stop visiting my blog for a year.

_________________________________________

Tony Bradley
www.tonybradley.com
Essential. Computer. Security.

Tags: Blog // Comments Off