1. Complying with government rules: From Sarbanes-Oxley to California's consumer data privacy law and European Union privacy mandates, regulations elevated the importance of information security.2. Security tasks commoditized: Security skills became more prevalent than products, turning activities that once required expertsperimeter scanning, patch monitoring, virus alertsinto routine tasks.3. Work time frames accelerated: Software patches and virus protection required monitoring by the hour or day, not weeks.4. Network perimeter made obsolete: The extension of networks to encompass outside service providers and business partners made the enterprise perimeter concept obsolete. Some organizations now think of security architectures as "zones of risk" and "zones of trust."5. Dashboards became vogue: Many adopted security dashboards to track activities and to align priorities across multiple departments.6. Identity management and authentication re-emphasized: To comply with Sarbanes-Oxley, for example, many organizations deployed identity management, and created single sign-ons to regulate user access to IT resources.7. Hackers go pro, attacks get tougher: Attacks often came from offshore, sometimes sponsored by organized crime. Phishing and spyware were costly and difficult headache.8. Securing outsourced application development curbed savings: Many organizations realized that implementing security controls on offshore contractors ate into cost savings.9. Connections to ASPs neglected: While many businesses used application service providers, they too often neglected to secure their network links to these partners.10. Security certifications lost punch: Buzzword credentials became more important than in-depth knowledge or experience, a confusing situation for businesses and practitioners.