Ten 2010 IT Security Predictions, Part 2: Schmidt and ICSA Labs
Howard Schmidt, former eBay CISO and vice chairman of the President's Critical Infrastructure Protection Board, and the folks from ICSA Labs, a vendor-neutral testing and certification lab, offer 10 predictions for security in 2010. (Second of 2 parts).
By Bill Brenner, Senior Editor
December 21, 2009 — CSO —
As 2009 draws to a close and a new decade dawns, CSOonline has reached out to some of the industry's best known security pros in search of insight on what the next 12 months and beyond have in store for our IT and cyber infrastructure. We started last week with Mark Weatherford, chief information security officer for the State of California, and Dan Kaminsky, network security specialist, director of pen testing at IOActive and discoverer of last year's massive DNS flaw.
Today we continue with predictions from Howard Schmidt, former eBay CISO and vice chairman of the President's Critical Infrastructure Protection Board, and ICSA Labs, a vendor-neutral testing and certification lab for hundreds of security companies.
Editor's note: Five predictions from Oracle CSO Mary Ann Davidson were originally scheduled to be in this installment, but schedule conflicts forced a change of plan.
Howard Schmidt, former eBay CISO and vice chairman of the President's Critical Infrastructure Protection Board
1. Malware Goes Mobile
Malware for mobile devices/smartphones will escalate as more apps are provided that facilitate users' ability to do more things related to e-commerce, travel and financial apps. Given that many end users feel less vulnerable on their mobile devices, it could be a steep learning curve to convince them they need to take similar protections as they would on their PCs.
2. The Cloud As Security Enabler
While we have been doing some form of cloud computing for more than 10 years, 2010 will be the tipping point for much wider adoption in all sectors. The overall net effect will give us a better chance to develop more security in the cloud using better vulnerability management/reduction, strong authentication, robust encryption and closer attention to legal jurisdictions.
3. Software Will Be Tested -- For Real
Procurement actions will require more robust testing of software and firmware to ensure significant reduction of many of the vulnerabilities that we are dealing with today. This might even rise to the level of some sort of software "certification" schema to show consistency of best practices.
4. Two-factor Authentication Becomes the Rule
2010 will be the year for wider adoption of two-factor authentication for end users. With federation of the many types of two-factor authentication that are around today, we will finally see strong authentication become the rule NOT the exception.
ICSA Labs, testing and certification lab
1. PCI Compliance Continues to Drive Adoption of Web Application Firewalls (WAFs)
The WAF market is maturing. WAFs are pushing into the cloud more and more, and Gartner, Inc. is planning for the first magic quadrant on WAFs.