- Forrester Councils
- Councils Overview
- log in
Posted by Jonathan Penn on December 24, 2009
Trying to avoid the obvious and the already underway, here are my predictions for 2010.
1. Cloud security standards emerge. By the end of 2010, we’ll see a framework emerge for establishing a well defined set of technology, practices, and processes, organized into different levels of trust. Ultimately, adherence to these specifications will need be certified by third parties. The effort won’t be complete, but it will be underway. Look to the government as key industry (other than the vendors) driving this effort.
COROLLARY: The use of cloud will take off as adopting organizations by and large overcome their security concerns – or at least, understand them at a specific enough level to seek out providers that satisfy these concerns.
2. Federation will start to take off by the end of 2010. Use of federation will be fueled by SaaS and cloud computing and the need for single sign-on to bridge identity from the enterprise to those external environments. Where standards reign over kludges, SAML will be the leading mechanism. OpenID will continue to be just a lab toy for the "Identerati".
3. Managed Security Services expands far beyond “Managed”. Organizations are not only turning to managed security services, they are seeking more from their providers than merely assuming operational functions. Increasingly, they seek partners to help them with security strategy, benchmarking, making the business case, and integration. MSSPs that are in fact multifaceted solution providers will start to establish market dominance. Big winners will be IBM, VZB, Wipro, among others.
4. Web content security in the cloud will take off. Though managed email security is one of the more popular areas of security SaaS, organizations have been slow to adopt the SaaS model for Web content security. This will change in 2010. Fueled by the increasing focus of attacks on browser and browser plug-in vulnerabilities, exacerbated by growing degree of mobility among users, and further boosted by the acquisition of some major SaaS-based vendors (PureWire by Barracuda and ScanSafe by Cisco), SaaS-based web security is primed to enter the mainstream.
5. Cybersecurity starts to look like a bonanza for security vendors. Cybersecurity and critical infrastructure protection are real challenges. But with the need to act gaining visibility, and so much money being made available, we’re likely to look back on 2010 as a rather large give-away to the security vendor, service provider and consultant communities.
What won’t happen:
What do you think I missed? Where do you think I’m wrong?
[This entry is cross posted to Cyberia, Jonathan Penn's blog]