Practical security on tap for 2003

SearchSecurity.com site editor Cathleen Gagne predicts that enterprises will concentrate on security policy development, implementation and enforcement in 2003.

EXPERT PREDICTIONS
Our team of experts on SearchSecurity.com have lots to say about what 2003 will hold for enterprise security. We'll be putting together a complete package for you over the next week. But here are some gems we pulled out to give you an idea of what's to come:

"Maybe 2003 will see the moment in time when a version of Windows server product will actually be more secure and less hackable than a version of Unix. I don't think so, but I can dream, can't I?"
-- David Strom

"Patch Management, which was highly touted in the government's 'National Strategy to Secure Cyberspace' report, will experience strong growth as IT departments increase the frequency of patching vulnerabilities, as opposed to simply responding to attacks in process."
-- Jim Reavis

"Security managers will be working hard to lock down remote users over both wired and wireless access. The focus will be on deploying and maintaining systems for identification and access, encryption, firewalls, antivirus and patch deployment."
-- Robert Vibert

"Specifically, 2003 will not be billed as the 'year for PKI' simply because nobody believes it anymore, and PKI rollouts will continue at a snail's pace."
-- Steve Mencik

"Biometric authentication tools like fingerprint or retinal scans will remain a niche technology. Reason: They're still too easy to fool."
-- Robert L. Scheier

"We'll see more security certifications than you ever dreamed possible. Keep your eyes on CompTIA's Security+ and ISACA's CISM as key credentials to watch."
-- Ed Tittel

"Continued merging/buy of businesses by larger vendors such as Symantec."
-- Ed Yakabovicz

"By the end of 2003, we'll see a high-profile Wi-Fi hack against a major organization. War drivers around the world are discovering the joys of illegal, free Internet access through a large company's unsecured wireless access points."
-- Ed Skoudis

"The security industry will be disappointed at how little money will come to them from allocations from the Homeland Security department."
-- Jon Callas

"Keep an eye on the instant messaging wave that's only going to get bigger in 2003. I don't think we've seen anything yet regarding the security issues of this explosive technology."
-- Kevin Beaver

Last year, as we headed into 2002, visions of terrorism and thoughts of how to brace ourselves against the worst of times weighed heavily on us all.

We worried about the physical security of the workplace, disaster recovery, cyberwarfare and securing our IT infrastructures. That won't go away entirely, but I think 2003 will be the year of security practicality. I think we'll see more focus on security policies and enforcement.

My editor's note to you last year suggested that 2002 would be the year for security management. I predicted the biggest problem facing IT security professionals would be the daunting task of getting your arms around all the security issues that cross all departments in an organization -- viruses, firewalls, intrusion detection, VPNs, infrastructure, passwords, user education, e-mail, etc. The list seems endless. I felt that security pros were more or less in a reactionary mode versus a preventative one.

I still believe that will hold true for 2003, but I think that we'll see IT security professionals dealing with security management by focusing on policies and the enforcement of those policies. This is practical and tangible. If you have strong policies for all of your security issues, you'll gain a stronger grip on the problems. And people will (and should) be held accountable.

Your user community needs to follow a stringent policy, too. How many of you have seen a shift in how your users are handling attachments, for example? If I use myself and some of my colleagues as an example, I'd have to say I've seen a huge change. When I receive a message with an attachment I'm not expecting, I immediately message that person back to verify that they had sent it to me. Just the other day, a colleague asked me about a Hallmark e-card I had sent. He wanted to know if it was legitimate. It was. Recently, my husband asked me about this message he received from a relative telling him how to remove a virus from his system. I smelled a rat and verified that it was indeed a hoax through our very own IT guy Joel Johnson. Small steps, but in an encouraging direction. There's hope for us users.

Our own organization has a policy for us to follow now. The only problem is that I never had to sign anything. I believe if you create a policy for users, you should make them sign their name to it with the knowledge that they'll be held accountable. This is practical, reasonable, and it makes you think twice.

Other policies are equally important. According to security expert Mandy Andress, there are several policies you need to have in place that can be combined to create a single corporate security policy: Acceptable Use, Remote Access, User Account/Password, Firewall and Network Policies. To read more about what Mandy has to say on this, read her article.

A recent poll of more than 400 SearchSecurity.com users seems to support my theory: Security policies and user compliance topped the list as the most pressing issue at their companies. Read SearchSecurity.com news editor Michael S. Mimoso's article, which explored the results of this survey.

Enforcement of policies is another story. This is the most difficult part of all. How do you hold your users accountable? Next year, we at SearchSecurity.com promise not only to provide extensive coverage on creating policies, but we'll try to address how to implement and enforce them. In the meantime, I welcome your thoughts on whether you agree that policies are as big an issue as I perceive them to be. Or, if you have any policies you've created and implemented with success, send samples along to me. We'll post them to our site and share them in our newsletters.

Stay tuned for 2003 predictions from our team of site experts in an upcoming Featured Topic! Best regards and warm wishes for a happy New Year from the SearchSecurity.com editorial team.
