I'd like to begin this entry by paraphrasing Denise Levertov and state that I don't think one can accurately measure the historical effectiveness of a yearly prediction; but one does know, of course, that writing does influence individuals; and individuals, although they are part of large economic and social processes, influence history. Every mass is after all made up of millions of individuals. So with that thought in mind, let's look into our snow-globe and see what we can for the future, hoping that this missive might stick, in some part, in someone's brain so that the future can be written with one part forethought and one part remembrance of past failures. The H.G. Wells take on virtualization's race between education and catastrophe Let's face it, cloud computing, hybrid or virtual servers, and applications moving to the iPhone are hurtling us toward compliance catastrophe. In order to stave off disaster, we'll need proper education and compliance elucidation for these technologies and trends. More and more vendors are producing powerful virtualization in both the back end server capabilities and in the user's hands. Because organizations can easily create hybrids of physical and virtual servers, virtual server sprawl will become commonplace. By the end of 2009 over 90% of organizations will be employing some type of virtual server technology. And those same organizations will lose data in some form or another, thereby bringing attention to the compliance complications those environments cause. Look for clarifications or updates to authority documents in terms of focusing on virtualization configuration management and change tracking. On the other end of the spectrum, the continued explosion of the wireless world, with more and more business-oriented applications being developed for the iPhone, will cause a much closer look at WLAN compliant networking. Look toward the PCI community to be the first to address the problems that WLAN creep can cause and look for them to release specific and in-depth guidance on how to handle this problem. The George Santayana prediction for those who cannot learn from history and will be doomed to repeat it Some idiot, somewhere, is not going to heed the past mistakes of others and through neglect - probably through not configuring a system properly or not following proper change procedures (the two most ubiquitous reasons for security breaches) is going to be doomed to repeat history and loose a great many credit card numbers or records with other personally identifiable information. The Adrienne Rich prediction for Green Technology's true measure Adrienne Rich wrote that "false history gets made all day, any day, the truth of the new is never on the news." With that in mind, we'll find that the whole argument of "Green labels" will quickly be seen to be one of the dumbest things to argue about in quite some time. Especially when the metrics of green computing haven't even been set, let alone tested for true measurability or usability. Therefore, my prediction for Green Technology is that somewhere along the way the folks are SecurityMetrics.org or the Center for Internet Security are going to get around to actually figuring out how to correctly measure, and analyze, Green Technology's true impact on computing and the environment. And that truth will be buried somewhere under a new spurious Green marketing campaign filled with falsehoods. The Pearl S. Buck prediction for encrypted media Pearl S. Buck stated that "one faces the future with one's past" - and if those working within the world of media encryption are reading this, they'll do just that. In '08 we asked a couple hundred companies about their media labeling and sanitization practices. Both were horrible (with an incredible 80% of respondents acknowledging their practices were horrible while acknowledging they'd do nothing about it). If the secure media manufacturers are aware enough to face the future with this past in mind, they'll build encryption into all media so that at maybe, just maybe, that 80% could be reduced by buying encrypted media that neither needed labeling or special sanitization procedures. The Jawaharial Nehru prediction for a unified, global, approach to compliance Jawaharial Nehru wrote that "a moment comes, which comes but rarely in history, when we step out from the old to the new, when an age ends, and when the sound of a nation, long suppressed, finds utterance." In the world that I see taking form in 2009, we are stepping out of the bounds of IT compliance for this or that regulation, this or that state or nation. IT compliance staffers worldwide are beginning to find utterance in their call for a global, heuristic, holistic, or unified approach to compliance. "Why aren't we protecting privacy related information instead of cardholder data, personal data, medical data, and other authority-document specific data?" wrote one of our field editors this year. He isn't the first, nor the last to ask that. More and more we are hearing the call for a unified approach to compliance. In 2009 that utterance will find a global voice. The Winston Churchill prediction that the UCF team will make history Winston Churchill, upon being asked if history would be kind to him, remarked "history will be kind me, for I intend to write it." We agree with Winston and are determined that our place in the history books will be listed as "the team who finally harnessed the vast morass of regulatory compliance by harmonizing it, making the panoply of regulatory guidance truly follow-able in any organization." And with these predictions now on virtual paper, I have to get back to interpreting the historical authority documents in order to continue adding to the UCF's harmonized database that is already making so many IT staffers' today easier. |
 |
|
|
|
