2010: A Security Odyssey
So here we are. 2010 – a new, shiny year for things to be as %*# up as ever. <sigh>
OK, OK, that was pessimistic-sounding. I do have some thoughts in general on this year in security. Here we go:
- Compliance will be a hot topic again this year. PCI is growing (MasterCard Level 2 peeps, talking to YOU). HIPAA is being changed, legislators are looking at breach disclosure and other topics, etc.
- DLP – love it or hate it – will get more mature and could become even more relevant with tie-ins to e-Discovery and compliance mandates. Trust me, I hate buzzwords more than most, but I think the notion of keyword searches and data fingerprinting has merit. Just early in the evolution.
- Howard Schmidt will do almost nothing. Oh sure, he may *talk* and stuff…but I don’t see anything changing this year. The government is just way too bureaucratic and bloated to change quickly. Not his fault, but I don’t think he’ll be the infosec savior by any means.
- Cloud computing will start to become more tangible, and we WILL have to secure that beeyotch.
- On a related (sort of) note, virtualization security will leave the “Chicken Little” phase and assume a normal place as YAICTS (Yet Another Infrastructure Component To Secure).
- We will have to really address some of the major “gray area issues” in security. For example, the whole PI license for computer forensics issue…WTF?
- Please please please please PLEASE – can we stop being such geeks and embrace risk management as the cornerstone of information security? I’m all for packets, hacking tools, and the like, too…but businesspeople still oftentimes look at security folks like the 17-year-old who still plays with Legos. We talk all this bullshit about wanting to be more accepted with business folks, but many of us don’t really walk the walk. And no, I do NOT think metrics are the answer. <shudder>.
Some other general thoughts (not security):
- It is officially time to stop clipping your phone to your belt. You are not Batman. In fact, not even Robin.
- All movie critics suck. Why do we listen to them at all? I, for one, do not need my movies to be deep and meaningful all the time.
And off we go.