Plaintext
Information that makes security stakeholders better off

Article — by Alfonso De Gregorio, 30 December 2011

2011 Security Predictions Review

A review of my seven security predictions for the year that is almost over

One year ago, I wrote seven security predictions for 2011. Now, one year later, it is a perfect time to look back and review my predictions. They were:

  1. More market consolidation
    I was expecting the shopping to continue, with more non-security companies buying security companies. This turned out to be true, with a number of M&A deals during 2011. Among others: Rambus (RMBS) acquired Cryptography Research (CRI), Microsoft (MSFT) acquired Skype, Avaya did it with Sipera, Google with Zynamics, and Twitter with Whisper Systems.

  2. More security mandates to comply with
    Correct. The PCI Security Standards Council outlined specific guidelines for cloud security providers in "Information Supplement: PCI DSS Virtualization Guide".

  3. More compliance in the cloud.
    Pretty accurate. In fact, more cloud service providers announced that they had achieved compliance with PCI-DSS, typically at Level 1. They included INetU, Datapipe, Meraki, and RightNow (acquired by Oracle).

  4. Consumerization: the CISO's new security bugaboo.
    We have been inundated by discussions about consumerization. I've also blogged my recommendations on applying security controls in a consumerized IT age. Not much to add here.

  5. DLP price shrinkage.
    The price of DLP solutions was often deemed too high compared to the benefits. I've heard about vendors offering their DLP solutions at reduced prices. Palisade Systems, a small vendor in Iowa focusing on small business security, tried to reverse the perceptions of DLP by offering its PacketSure free of charge to a few hundred customers.
     
  6. Instant Messaging security on the rise.
    Interest in instant messaging security rose significantly; the acquisition of Skype by Microsoft and the acquisition of Whisper Systems by Twitter are cases in point. My remark about XMPP also proved to be accurate, if we consider the adoption of XMPP by Microsoft Messenger.
     
  7. More location privacy concerns. 
    This also turned out to be true. There was a lot of attention on location-privacy threats. Earlier this year, the iPhone was reported to track our movements - it even reached the U.S. Senate. Later, a design fault in the Westfield malls app allowed anyone with an Internet connection and some programming skills to track the comings and goings of every single vehicle in one of the country’s busiest shopping centres. More recently, in a talk at the 28th Chaos Communication Congress, Karsten Nohl and Luca Melette highlighted that the German LEAs used half a million "Silent SMS" to track suspects in 2010 - this is something I may write more about in upcoming blog posts.
    This is only the beginning. This prediction not only proved to be correct, but it is still going to be valid for the upcoming year. As more researchers or incidents showcase the possibilities, location privacy will become an increasing concern for users and, later, for legislators. We will see products giving mobile users the possibility to better meet their location privacy needs.

Hey, I'm not a chiromancer! Still, 7 accurate security predictions out of 7 makes me almost doubtful about this.

Interested in predictions about the security market in the upcoming year? Please, drop me a line :-)
 
Most importantly, Happy New Year!