At the end of 2007 I wrote a column on the future of security in 2008 in "Security: What will be hot in 2008?" Now it's time to look back at my look ahead and see how it all went. Back then I said that predicting the future depends on good data and hope that volatility from external events will be low. According to the latest data, we were just entering the recession that is now 12 months old, so there was volatility a-plenty. Let's see how I did in my predictions:

Accelerating enterprise adoption of mobile platforms will lead to more security threats on mobile devices.

Adoption of mobile platforms, check. More security threats, not yet. I think I missed the time-scale (I'll have to decide if this one goes into 2009 predictions or if it's too early). With the iPhone opening up to a multitude of developers and applications, and Android even more open, mobile security might become an issue.

Hard-drive encryption on the desktop will continue and spread to the data center.

About 50% on this one. Laptop encryption and desktop encryption are becoming more mainstream. Laptop hard-drive encryption ended up one of the top three security initiatives funded in the enterprise in 2008. Data center servers are not following just yet.

Network-access-control sales will continue to fall short of the hype.

Whereas NAC was everywhere at the RSA conference in 2007, by 2008 it had disappeared. The complete absence of NAC as an industry buzzword at a security trade show is news in itself. Infrastructure "forklift" NAC failed to gain much traction. Comprehensive endpoint control is still a rarity even in very homogeneous IT shops. I'll count this prediction as a success.

Carrier and ISP-based managed security services for small-to-midsize businesses will multiply and spread.

2008 saw a lot more investment by carriers in managed security services, and many of them headed down-market to appeal to smaller businesses. Our 2008 security research showed that the primary reason for buying these services shifted from cost to lack of in-house skills. SMB interest and adoption of managed security services -- check.

In 2008, black-market profits will surpass those of the top three security pure-play companies.

This prediction is hard to verify because the bad guys don't publish quarterly results, but our economic analysis of the black market for identities indicates that this happened. Not only did identity theft, botnets and spam keep growing, but the publicly traded security companies were battered by market volatility. Count this as an unfortunate win, because the bad guys indeed are winning.