Ten 2010 IT Security Predictions, Part 2

By Bill Brenner, CSO
December 21, 2009 12:21 PM ET
As 2009 draws to a close and a new decade dawns, CSOonline has reached out to some of the industry's best-known security pros in search of insight on what the next 12 months and beyond have in store for our IT and cyber infrastructure. We started last week with Mark Weatherford, chief information security officer for the State of California, and Dan Kaminsky, network security specialist, director of pen testing at IOActive and discoverer of last year's massive DNS flaw.

Today we continue with predictions from Howard Schmidt, former eBay CISO and vice chairman of the President's Critical Infrastructure Protection Board, and ICSA Labs, a vendor-neutral testing and certification lab for hundreds of security companies.

Editor's note: Five predictions from Oracle CSO Mary Ann Davidson were originally scheduled to be in this installment, but schedule conflicts forced a change of plan.

Howard Schmidt, former eBay CISO and vice chairman of the President's Critical Infrastructure Protection Board

1. Malware Goes Mobile

Malware for mobile devices/smartphones will escalate as more apps are provided that facilitate users' ability to do more things related to e-commerce, travel and financial apps. Given that many end users feel less vulnerable on their mobile devices, it could be a steep learning curve to convince them they need to take similar protections as they would on their PCs.

2. The Cloud As Security Enabler

While we have been doing some form of Cloud computing for more than 10 years, 2010 will be the tipping point as to much wider adoption in all sectors. The overall net effect will give us a better chance to develop more security in the cloud using better vulnerability management/reduction, strong authentication, robust encryption and closer attention to legal jurisdictions.

3. Software Will Be Tested -- For Real

Procurement actions will require more robust testing of software and firmware to ensure significant reduction of many of the vulnerabilities that we are dealing with today. This might even rise to the level of some sort of software "certification" schema to show consistency of best practices.

4. Two-factor Authentication Becomes the Rule

2010 will be the year for wider adoption of two-factor authentication for the end users. With federation of the many various types of two-factor authentication that are around today, we will finally see strong authentication become the rule, NOT the exception.

ICSA Labs, testing and certification lab

1. PCI Compliance Continues to Drive Adoption of Web Application Firewalls (WAFs)

The WAF market is maturing. WAFs are pushing into the cloud more and more, and Gartner, Inc. is planning for the first magic quadrant on WAFs.

2. Network Attached Peripheral Security (NAPS) Threats Grow

With more network-attached devices than ever before, there are even more opportunities to cause harm. This year's uncertain economy spurred an unprecedented number of layoffs, and the risk of disgruntled employees stealing confidential company information is greater than ever. Using unsecured printers and network-connected security cameras that can be manipulated, employees are able to cover their tracks when accessing restricted areas.
