We wish you happy holidays and a happy new year. We have compiled a list of 12 predictions that we, as a security company, foresee for the coming year of 2010. Please leave your comments, or email us if you are looking for a solution.
1. Virus / Malware will hit Mobile
Viruses and malware for mobile devices and smartphones will escalate as more apps appear that let users do more with e-commerce, travel and finance. Given that many end users feel less vulnerable on their mobile devices, it could be a steep learning curve to convince them they need to take the same protections as they would on their PCs. Malware authors will promote their viruses and malware for your phone as free downloads of ringtones, games and utility apps. These apps will be the same as spyware applications for PCs. With GPS-enabled phones, it will be dangerous to get infected with these viruses.
2. Security as a Service
Security tokens, which have become software driven in lieu of hardware, will move from a license procurement model to a subscription-based one. This will be enabled by selling Security as a Service. This will be true for managed and hosted services where regulatory compliance is a need and the customer wishes to have a third-party security provider. Overall, Security as a Service will cover better vulnerability management and reduction, application-level firewalls, strong authentication, robust encryption and closer attention to legal jurisdictions.
3. End To End Encryption
With mobile workers and the work-from-home mindset, remote access will become more crucial, and at the same time a lot of data will be generated on the user side and will be under threat of being stolen. Along with this, why should you trust the network, wired or wireless? End-to-end protection is going to get a big boost in 2010 to protect the data. For instance, insurance agents are doing business from their laptops and there is no protection of the end customers' private information on the system. Application-to-application, end-to-end protection will be the basic need for all e-business workflows, above and beyond an SSL certificate.
Currently a lot of software and hardware products do not have a security checklist that they must pass. Now there will be more of a push towards certification and compliance, making it a standard. Basel, PCI-DSS and HIPAA are there, but it will go to many other sectors. Procurement actions will require more robust testing of software and firmware to ensure a significant reduction of many of the vulnerabilities that we are dealing with today. Certification should become faster and cheaper for this to happen.
5. Multi-factor Authentication becomes more popular
Even though Gartner states that 2FA is not enough (which all the security gurus have been screaming for a decade), 2010 will still be the year of wider adoption of two-factor authentication for end users. With federation of the many types of two-factor authentication that are around today, we will finally see strong authentication become the rule, NOT the exception. However, it will not be limited to 2FA (what you know and what you have); it will become multi-factor, where questions such as where you are, what you see and what you are will also become identity authentication criteria for allowing authentication and access. It will certainly be driven by software (not hardware) to make it widespread.
6. Voice biometric for Password Reset and Getting new services activated
Password management is one of the most expensive support activities. Filling in forms, faxing them and waiting for weeks to get your PIN will change through voice biometrics. Forgot the PIN? Call the support helpline, authenticate yourself and get the new PIN. The same will apply to new services where you need an activation code or PIN delivered out of band with authentication.
As more and more businesses turn to social networking sites to extend their customer reach and build brand awareness, sensitive data becomes even more available and vulnerable. This past year, the KoobFace worm spread like wildfire through several social networks including Facebook, MySpace, Friendster and Twitter. In October, a massive bot-based attack, Bredolab, affected three-quarters of a million Facebook users by sending fake password reset messages. No solution will come in 2010.
8. Digital Signatures will go Mobile
Today we have two options for signing (to enforce non-repudiation): software signing (through your internet browser's secure storage of certificates) or hardware signing (where a smart card or USB key stores your certificate). Both are good but restrictive in nature. The one thing you carry with you is a phone. Your key pair will be carried inside your phone and you will use it for signing and verifying your transactions, documents and emails. It will be cost effective and not restrictive in nature compared to today's options.
9. Email Protection with DLP (Data Leakage Protection)
Email is the most widely used communication tool for businesses today. Email signing, so that email holds its legal value, is becoming a need for businesses. Making your communication confidential will also become crucial. Solutions like PGP for desktop email encryption and signing are present, but they will not fly any more. It will be enterprise-level or ISP-level email protection. Currently we have anti-spam and anti-virus for our email, but these are not sufficient when it comes to internal breaches and legal conflict. Email signing as well as DLP will come strongly in 2010-11.
Consolidation of the PIN, token and certificate, along with web-based SAML-enabled single sign-on, is going to be efficient, with the best TCO and the least support, mainly for private and public sectors. National ID cards will become crucial to enable many e-services, m-services and real services using one consolidated platform for identity management and authentication. Federated identity will become more popular in 2010.
11. Rise of Scareware
While free anti-virus products are great to decrease the growing amount of malware threats out there, users need to be cautious about rogue anti-malware products -- otherwise known as "scareware" -- that organized crime rings will use to take advantage of end-users and disable their computers. Scareware reared its ugly head this year through fake advertisements (malvertising) for antivirus on The New York Times website.
12. No Privacy
Google, Facebook, Twitter etc. will ensure you have no privacy at all. Your emails, blogs, wall-to-wall comments and tweets will be used for social intelligence. Your location will be given away through your Nokia, iPhone or BlackBerry. Please be aware of the No Privacy World.