2010 was another year of living dangerously. Companies dealt with huge increases in malware threats, growing mobile security concerns about consumer devices such as iPads, and rising compliance pressures, according to Perimeter E-Security.
High profile incidents offered several key lessons. Increasingly sophisticated attackers are forcing defenders to raise their games, with tighter integration of defenses across content filters, endpoint controls and firewalls.
The main predictions for 2011 are:
Your employer will lock down your phone
With the increasing adoption of consumer devices such as the iPad and other tablets by businesses, companies will need to impose common security controls on these devices, regardless of the brand. That means being able to manage many different types of post-PC devices. If you want to bring your mobile device to work, your employer will seek to enforce policies for passwords, device locking, remote wipe, and hardware encryption.
DLP will go mainstream
Although data leak prevention (DLP) products have their limitations, they are poised to go mainstream in 2011. Enterprises are under increasing pressures to keep their communications and devices free of “toxic data” such as credit card numbers, social security numbers, personal financial information and health care information.
In the coming year, more companies across multiple industries will embrace DLP to keep their email and web content clean, and to filter data copied to removable media.
The “Advanced Persistent Threat” meme will die
The often broadly defined term “Advanced Persistent Threat” (APT), which to some vendors is described as malware, is in truth not a what, but a who. In the security community, APT refers to a long-term pattern of targeted sophisticated hacking attacks aimed at governments, companies and political activists, and also refers to the groups behind these attacks.
APT will be replaced with the more accurate phrase “State-Sponsored Cyber Warfare or Actors” as opposed to the generic and misused APT.
The U.S. will crawl towards EU-style data protection
The U.S.’s liberal culture of shared Personal Information will move towards a more stringent consumer aware model requiring companies to be good custodians of Personal Identifiable Information, especially with financial and healthcare information.
The Federal Trade Commission (FTC) December report “Protecting Consumer Privacy in an Era of Rapid Change” provided sweeping recommendations and mandates such as PCI, HITECH and state data protection laws are prime examples of this change. In addition to these regulations and recommendations, tort law will add another layer of definition making U.S. regulations much more closely aligned with EU’s data privacy mandates.
Public data security benchmarks will emerge
Thus far, security has been hard to quantify. In the future, publicly available database sources such as Open Security Foundation’s DataLossDB, a clearinghouse for documenting toxic data spills for personal information, will be used for benchmarking the safety level of companies.
Mainstream security vendors will more likely showcase the health of their customers in security report cards. Furthermore, service providers will begin to collaborate to define common security metrics such as measures to compare companies and sectors and to provide a common baseline of security of companies’ year over year.