Security in 2007

The Annual RSA Conference has emerged as the focal point of the information security marketing year. Vendors large and small vie for the mindshare of prospects, analysts, and journalists. Rising from its humble origins as a gathering of cryptography nerds and those interested in bashing the U.S. National Security Agency over export restrictions, the Conference has blossomed to the largest U.S.-based information security event, this year boasting almost 350 exhibitors. We can think of no more fitting time to offer our perspective on what we believe are five key trends.

The coming year promises to be yet one more bumpy ride for the information security market and the security space in general. Sageza believes there are five trends that are very likely to impact organizations in the coming year.

Privacy and Compliance: Pushed by More "Lost Data" Incidents
Privacy and compliance will continue to dominate the thoughts of top management. There will undoubtedly be more instances of customer, employee, or other sensitive data being either lost, stolen, or leaked. Organizations will have to come to grips with the need to protect sensitive data no matter where it lies, which leads us to…

Elusive Mobile Data: New Devices and Storage Media Proliferate
The mobile phone and the pen drive will migrate into “must have” fashion accessories. Memory sticks will be found on the keyrings of more and more people. Organizations that have regarded consumer trends in mobile phones as mere entertainment will discover there can be dire business consequences from misuse of technology in the workplace.

Photo Abuse
Internet videos, whether of the latest movie, violent acts such as the hanging of Saddam Hussein, or candid shots taken at the workplace, can have almost instant global exposure. Litigious aggrieved employees and ex-employees may seek damages for embarrassing videos taken via mobile phone cameras at the workplace, arguing that the employer has the duty to ensure the business nature of the work place by publishing and enforcing policies intended to protect its employees.

More Creative Adversaries
Adversaries of all types ranging from pranksters to criminals to terrorists will become more sophisticated in their attack methodologies. They will combine social and technical attacks and employ advanced techniques, particularly in the field of malware and vulnerability exploitation. In fact, 2007 may be the first year of the automated crime predicted by Security Industry Luminary Donn Parker back in the 1980s.

Pleasant Surprises from Vista
Sageza believes that Microsoft's Vista may surprise the market by proving to be a harder target than its predecessors. The nature of the new operating system and its layers of defense may provide adequate security for new purchasers of PCs to the point where attackers are forced to move beyond the OS as a target and explore new worlds such as client side attacks, more sophisticated phishing, and social engineering attacks against specific targets.

These trends are symptomatic to changes within the IT industry at large. They also show the blurred line between consumer, SMB, and enterprise. Sageza believes that this line will continue to blur to the point of non-existence within the next five years. Furthermore, employees will bring their consumer technology to the workplace and expect the workplace to respond positively, forcing changes in the way companies do business.