2010's Ten Hot Trends

By Jeff Vance

(Back to article)

It’s prediction time again. Looking back on last year’s prediction column, the hits narrowly beat out the misses but they did beat the misses so we're going to expand on last year's efforts with five more predictions for 2010 (besides, as writers, we like the way the numbers line up in the headline!).

A Look Back

I was right about the recession sparking a major acquisition or two. Oracle-Sun and HP-3Com fit the bill nicely. I also predicted there would be major acquisition action in the mobile space. Sprint’s $483 million acquisition of Virgin Mobile and, better yet, Ericsson’s $1.13 billion acquisition of Nortel’s CDMA and LTE business in North America authenticated that prediction. Now rumors are circulating–again–that T-Mobile and Sprint may merge. We’ll see. Too late for this article, whatever the case.

Despite all of the M&A excitement in the mobile space, as well as a slew of cool new smart phones, I was correct in guessing that the handset sector would under perform in 2009. Gartner reported that handset shipments slipped by 6% in the second quarter.

The replacement cycle for handsets has extended from 12 months to 18 months. Even as the economy recovers, I wouldn’t be surprised if replacement cycles continued to extend. As more smartphones enter the market, more of those phones have more personalized data tied to them. As you have to move much more than just your address book, it’ll be a much bigger nuisance to switch phones and migrate data in the future. (And don’t say that migration software will solve this problem. Most of it is expensive and so-so performance wise.)

When 2009’s data is all in, Gartner is predicting overall flat growth for the year, with the slight up tick achieved mostly through so-called “grey market” sales. It’s being called a grey, rather than black, market because it includes the legitimate reselling of unlocked phones, but also the sales of counterfeit phones.

At first glance, my virtualization prediction appears to be a miss. IDC’s Worldwide Quarterly Server Virtualization Tracker found that “worldwide virtualization software revenue declined 18.7% year over year in 2Q09.” However, Gartner noted that mid-sized companies (those with 100 to 999 employees) nearly doubled their rate of adoption in 2009. The trouble, from the point of view of vendors, is that many of those organizations are using the free virtualization tools built into new operating systems. In other words, adoption continues at a feverish pace, but vendors will have to work harder to squeeze money out of virtualization. (Since it’s my column, I’ll say I was more right than wrong on this one.)

My big misses came with “social networking slows down in the enterprise” (it’s doing anything but), and “technology sparks the recovery.” Let’s just say I’m not sold on this recovery, nor on technology’s role in it, which leads us to this year’s predictions. In the spirit of the “do-more-with-less” mandates that inevitably come during tough times, I’m expanding from five to 10 my predictions for this year. So, without further ado ...

1. It’ll get worse before it gets better. There’s been a lot of talk about the economic recovery, but there are still systemic problems. A new housing bubble appears to be underway, while the U.S. manufacturing sector has practically disappeared.

Each day seems to bring some new report about how the recovery is weaker than most realize. An NPR report about online job postings found that a reasonable number of job listing doesn’t translate into the same number of opportunities. Many of these jobs require specific skills, such as medical training, that the jobless don’t have. Others are in distant, middle-of-nowhere places that would require relocation but don’t offer moving compensation or even the wages to make relocation feasible.

Meanwhile, even if employment does start expanding modestly, it probably won’t be enough to offset a population growth of about 100,000 per month.

The UCLA Anderson Forecast group forecasts another rocky year for 2010. The group believes that the unemployment rate will peak at about 10.5% in Q1 and remain at or above 10% for almost all of next year.

2. IT spending ticks upwards―a bit. IDC believes that worldwide IT spending will rebound in 2010. The analyst firm sees 3.2% growth for the year, returning the industry to 2008 spending levels of about $1.5 trillion.

Gartner also sees an IT spending increase. (I should note here that IDC and Gartner measure this market differently. Although the percentage increase is practically the same, the raw dollars are larger for Gartner, forecasting a worldwide growth of 3.3%, translating into spending of $3.3 trillion.)

“2010 is about balancing the focus on cost, risk, and growth. For more than 50% of CIOs the IT budget will be zero percent or less in growth terms,” said Peter Sondergaard, senior VP at Gartner and global head of Research. “It will only slowly improve in 2011.”

Foote Partners is equally cautious, believing that IT job growth will stay flat for most of the year, perhaps picking up in Q4. In other words, ...

3. Good news about IT spending may not translate to good news about IT jobs. One of the silver linings of recessions is they often speed innovation. IT has been undergoing an automation trend for several years, but automation often comes at the expense of labor. Two factors may accelerate the pace of automation in the coming years: First, automation saves organizations money, and anything that benefits the bottom line looks good in hard times.

Second, compliance is becoming a bigger and bigger issue for IT departments. HIPPA is beyond its grace period, with fines kicking in for noncompliance, while fines are set to increase with PCI DSS. The largest cost of compliance for most organizations is the audit itself, both internal and external. Without adopting things like document and data controls, and automating many of the process around document and data creation, storage and collaboration, compliance will be costly.

Automation will be one of the things that companies can no longer afford to ignore.

From an employment perspective, though, automation translates into fewer jobs. All of those hours spent auditing spreadsheets add up. Sure, there will be some jobs created around compliance. There are new C-level compliance officers at many large organizations, but those gains won’t offset the larger IT losses.

4. Windows 7 is the last big OS launch. Even as I typed that sentence, I paused. Is Windows 7 a big OS launch? It sure doesn’t feel as big as XP or 2000 or even 95. Heck, even the much maligned Vista launch seemed bigger. Sure, Microsoft is marketing the bejesus out of it, and there’s even a disturbing Burger King marketing tie-in in Japan, The 7 Layer Whopper, but this still has the feel of something that Microsoft cares about, but the rest of us don’t.

Let’s compare the OS to automobiles. Some gear heads care about their engine’s exact horsepower and precise number of cubic inches, but most consumers don’t. Most consumers think more about functionality. Is it fast? Is it economical? Is it a truck? Is it a minivan? To them, horsepower simply means decent power, regardless of the number. If it didn’t have power, after all, why would they advertise the horsepower?

We’re entering that same phase with the operating system. No one cares much anymore about what’s under the hood. They just want it to work and allow them to do the things they want to do, whether it’s streaming video or gaming or running multiple productivity apps at once and having them all interoperate.

From most accounts, Windows 7 is a vast improvement over Vista, which wasn’t really as bad as many critics made it seem. For the tech crowd, there are plenty of things to love or hate about Windows 7, but for the average consumer, they’ll only care about how well it streams their movies on Netflix.

5. Security transitions to a risk-management model. The other day I was talking with Geoff Webb, senior product marketing manager at NetIQ, a provider of systems and security management software. He believes that security is slowly but surely moving to a risk-management model.

The trouble, as I see it, with the risk-management model is the concept is rather abstract. How do you quantify risks for your company’s board so that your security dollars aren’t cut in the next budget? According to Webb, we’re only just starting to have the right tools to quantify risks. Network visibility tools are important. However, if you can measure how a new solution has actually diminished attacks, you’re even better off. Even that, though, is probably not enough.

“We could really use some agreed upon metrics and for security. I was actually talking to a security officer who said that he kind of wishes his company would be hit by a virus or worm,” Webb said. “He wasn’t serious, obviously, but his point was that if you do your job well and your organization stays safe, upper management mistakenly believes that the risks must not be that serious. Therefore, they start taking away your budget.”

Adopting a risk-management strategy is a start because you’ll be forced into adopting such things as “risk scores.” But what exactly do you measure and how do you even refer to your measurements? Today, it varies widely.

For instance, Webb pointed to what he calls the “malice-without-thought” threat category. In the new CSI Computer Crime and Security Survey, “25% of respondents felt that over 60% of their financial losses were due to non-malicious actions by insiders.”

While there are plenty of security savants out there, what we need is an IT security Bill James.

What is the security equivalent of OPS (on-base plus slugging percentage)? There isn’t one. Perhaps 2010 will be the year that we find one.

6. Smart phones dominate. Earlier, I discussed how the mobile handset/carrier market took it on the chin in 2009. What I didn’t mention is that one of the bright spots in 2009 was smartphones. The iPhone, Google Android, the Palm Pixie, HTC’s Droid Eris, and Blackberry Bold are all sought after shiny new gadgets.

In fact, while Gartner was cautious about IT spending and even the overall mobile market, it noted that for Q2 2009 smartphone sales were way up. “Smartphone sales surpassed 40 million units, a 27% increase from the same period last year, representing the fastest-growing segment of the mobile-devices market,” Gartner reported.

What does this mean for IT? It means you better start figuring out how to manage these gadgets. Remember how much trouble laptops were (and still are)? At least, many laptops are corporate property, so you can demand that your employees load them up with whatever security and control software you prefer. Most smartphones are user-owned devices, which means that the most you can do is create policies, hold your breath, and hope people follow them.

Worse, the replacement cycle for smartphones, even if it is getting longer these days, is still much shorter than for laptops. Once you have control over a certain category of devices, people will start lugging around newer ones with innovative features you haven’t planned for.

Look for vendors to put emphasis on enterprise smartphone security and management solutions. This could even be an IT budget line for many organizations in 2010. Forward-thinking organizations, especially those already saving money via new technologies like desktop virtualization, would be wise to take that money and spend it on subsidized smartphones for knowledge workers. Then, you can force whatever sort of security solution you want onto them.

According to Gartner, PC vendors are already beginning to treat smartphones as mini-PCs, hoping to boost their market share in this segment to help offset a declining PC market. IT would be wise to adopt the same strategy. 2010 will be the year that proactive organizations do.

7. Netbooks prove to be a fad. I’m not saying netbooks are a bad idea. To the contrary, they’re a perfect niche device. However, that’s what they are: a niche device, not a PC replacement.

Yankee Group picks netbooks as a loser for 2010. Yankee is big on the “anywhere computing” idea, where everything from mobile handsets to portable gaming devices to photocopiers to, and I am not making this up, toilets are connected to the Internet. Yet, the research firm sees netbooks being left in the cold next year, despite a growth rate of nearly 270% in 2Q09.

According to Yankee, the netbook growth numbers are skewed, ignoring one key element of the buying experience: returns. New internal Yankee Group research shows that many retailers are experiencing netbook return rates as high as 30%. Yankee believes netbooks will be squeezed from above by low-priced laptops. Several laptop vendors have already lowered their prices. Toshiba, for instance, offers 15.6-inch laptop for as low as $350.

Meanwhile, expect to see netbooks squeezed from below by handsets. With smartphones gaining more and more ground each month, where does a netbook fit in the device pantheon? Instead of buying one, why not wait until you’re ready to replace your handset and let a carrier foot the bill for a device that does pretty much anything a netbook can do―all while fitting in your pocket?

8. Cloud security becomes a real, rather than a conceptual, problem. Okay, admittedly this isn’t the first time you’re reading about Cloud security. It is one of Cloud computing’s main bugaboos. However, much of the concern over securing the Cloud has been forward looking, rather than an in-the-trenches IT reality. Expect that to change in 2010.

According to Craig Lund, CEO of MultiFactor Corporation, a provider of identity enforcement solutions, Cloud security will come down to two things: 1) the integrity of the application and its data, wherever that data resides, and 2) the identity of end users.

For item No.1, the Cloud or application providers―Amazon, Google, Microsoft, Salesoforce.com, etc., will eventually tackle the problem. “The cloud provider must find a way to serve up the data, protect it against disaster, secure it from attacks and protect the database storing that data,” Lund said. “The winners of the Cloud game, whoever they are, will either be big companies or become big companies. When large companies put their resources towards solving a problem like this, they have a pretty good success rate.”

Moreover, a large organization will have deep enough pockets to make you whole should something go wrong and cause you direct harm. In other words, if a TJX-style data leak happens because a Cloud database wasn’t properly protected and encrypted, it should be the Cloud provider solving the problem, not you.

Item No.2 is trickier. “What they can’t do is ensure your identity,” Lund said. Most Cloud providers are leaving it to the enterprise to control access―and they really have no choice. It’s the enterprise’s responsibility to tell them whom to let in and what level of access that person should have. That doesn’t mean that enterprises have the proper tools for this, though. “Unless you have the proper processes, policies and technology in place to enforce identity, you’ll be at risk,” Lund added.

Some organizations may decide to outsource access control and identity enforcement, but that’s a big risk. Can you ever trust anyone enough to be in charge of all of your organization’s identities? You would have to have a bank-level of trust in the ID-control agency. (Perhaps that’s a bad analogy. After all, who trusts banks, or at least bankers, these days?)

The point is that enterprises have a pretty sophisticated tool at their disposal for ID enforcement, one that is in-house and under their control: Active Directory or LDAP. What they don’t have is an effective way to bridge those identity servers to cloud applications.

You have two choices, then: you can export your identities to the cloud, which most organizations will balk at for a number of reasons, control being at the top of the list. The second choice is to replicate your identities, keeping one in-house and sending one out to the cloud, which clearly isn’t ideal.

Fortunately, there is an emerging the third choice, which is to find the proper tools to bridge that gap. In 2010, organizations will search for, and eventually find, effective ways to bridge the enterprise and the Cloud, moving from the remote-access model, which relied on VPNs and DUN servers to a remote-data/remote-app access model, where it’s the data that is remote, not necessarily your employees.

Cloud security startups such as MultiFactor with its SecureAuth solution, Ping Identity with its eponymous products, and Symplified with its SinglePoint solution, all tackle the problem.

While the space is new, it is being validated by the rapid adoption of these solutions in heavily regulated sectors, such as health care, finance, and the government.

9. Virtualization and Cloud computing force companies to re-conceptualize the desktop. There’s more to the Cloud and virtualization than figuring out how to secure and manage the applications involved. One of the difficulties is figuring out the end devices. For cash-strapped organizations or those organizations that are finally fed up with the management and security issues (patching, dealing with different software versions, different OS's, etc.) that come with a slew of discreet PCs, new computing models will be embraced in 2010.

This won’t be a tsunami of change, but change is coming.

Case in point is NComputing. “The old desktop computing model is no longer sustainable,” said Stephen Dukker, CEO of NComputing. “SMBs and enterprises alike will embrace desktop virtualization in 2010 as they reevaluate the outdated one-PC-per-person computing model and realize that they can get more cost-effective and greener technology with desktop virtualization.”

Granted, a desktop virtualization vendor will obviously trumpet desktop virtualization. However, NComputing backs up its claims with a robust client list and some telling real-world examples. For instance, Valley Yellow Pages, the largest independent phone directory publisher in Northern California, considered purchasing PCs for each of their account executives but decided that new PCs would be too expensive. They also realized that their account execs didn’t really need full-blown PCs to do their work.

Instead, Valley Yellow Pages deployed the NComputing desktop virtualization solution. NComputing has a unique take on desktop virtualization. Rather than having a distinct and high-dollar desktop virtualization server and fairly robust end devices, NComputing takes the unused power of an existing, in-use PC and shares it among multiple users. Think of it as a public kiosk that, with the addition of software and cheap replicating access boxes, multiple people can use at once via cheap keyboards, mice and displays.

However, new computing models overlook a serious problem: software licensing. In a related story on virtualization for sister-site Datamation, I discussed software licenses with Gartner analyst Tom Bittman.

The gist is that software licenses, based on a per-seat or per-CPU model, just don’t translate to the Cloud. How, then, are so many organizations offering Cloud-based applications? Are they just violating their licensing agreements? “No, what they’re doing is entering into custom licensing agreements,” Bittman said. “Software vendors are negotiating each and every deal.”

That model is fine with a few large organizations doing it, but it certainly won’t work for broader adoption. Vendors will have to move to usage-based pricing, which many are still reluctant to do. Until they stop dragging their feet, though, the applications made nimble and free through virtualization and Cloud computing will be reigned back in by out-of-date licensing agreements.

10. The enterprise struggles to control social networking. This is kind of a do-over on one of last year’s misses. Last year I predicted that social networking would slow down in the enterprise. It didn’t. I made two key points. One, social networking is the new time waster in the workplace. While some productivity-obsessed organizations do indeed block access to Facebook, MySpace, Twitter and the like, many more are asking their employees to leverage their own social-networking contacts for work.

The second point was that social networking sites are a security risk, mostly from a data-leak perspective. Actually, it’s turned out to be about more than data leakage. Social engineering attacks are emerging as the big problem for 2010.

I should have seen that coming. In my defense, I sort of did, but I chalked it up as a consumer problem, not an enterprise one. That was a mistake. This is indeed an enterprise problem. After all, attackers can take one look at your profile, know who you work for and can target employees of a specific organization, whether those employees access the social networking sites at work or not.

Spammers are also in the game, and where there is spam, there is plenty of fraud. Alex Quinonez, VP-American Operations for Cyberoam, a provider of unified threat management (UTM) solutions, noted that sites like Sourceforge.net and legitimate file-sharing service like Google spreadsheets have been targeted by spammers.

Few organizations will block either of these sites. Employees would hoot and howl if they did, and rightly so. However, Sourceforge.net has a wiki subdomain which allows solution providers to add their own related content. “In a recent security incident, spammers filled the user-generated wiki page with keywords and links to pornography sites, leveraging the popular domain and its subdomains to rank their own sites higher in search engine results,” Quinonez said.

Similarly, Google spreadsheets is considered trusted and gets through spam filters. “Pharmaceutical spammers encrypted the end key of the acceptable spreadsheet URL so that spam filters would fail to detect the malicious key,” he said. The pharmaceutical spam trick was similarly used with Facebook’s familiar blue-header. Spammers used it to fool spam filters that cannot identify image-based spam.

What does this mean for 2010? Most organizations will create social media policies in the coming year. Whether they enforce them or not or even can enforce them is a different matter. In a sign of things to come, security startup Immunet raised $2 million of Series A VC funding in November from Altos Ventures and TechOperators to develop “social antivirus software.”

Okay, that does it. We'll see if 10's the magic number for me in 2010. I'll let you know in about 12 months. Cheers and Happy New Year!

Jeff Vance is a freelance writer and the founder of Sandstorm Media, a writing and marketing services firm focused on emerging technology trends. If you have ideas for future stories, contact him at jeff@sandstormmedia.net or visit www.sandstormmedia.net.