Lets compare the OS to automobiles. Some gear heads care about their engines exact horsepower and precise number of cubic inches, but most consumers dont. Most consumers think more about functionality. Is it fast? Is it economical? Is it a truck? Is it a minivan? To them, horsepower simply means decent power, regardless of the number. If it didnt have power, after all, why would they advertise the horsepower?
Were entering that same phase with the operating system. No one cares much anymore about whats under the hood. They just want it to work and allow them to do the things they want to do, whether its streaming video or gaming or running multiple productivity apps at once and having them all interoperate.
5. Security transitions to a risk-management model. The other day I was talking with Geoff Webb, senior product marketing manager at NetIQ, a provider of systems and security management software. He believes that security is slowly but surely moving to a risk-management model.
The trouble, as I see it, with the risk-management model is the concept is rather abstract. How do you quantify risks for your companys board so that your security dollars arent cut in the next budget? According to Webb, were only just starting to have the right tools to quantify risks. Network visibility tools are important. However, if you can measure how a new solution has actually diminished attacks, youre even better off. Even that, though, is probably not enough.
We could really use some agreed upon metrics and for security. I was actually talking to a security officer who said that he kind of wishes his company would be hit by a virus or worm, Webb said. He wasnt serious, obviously, but his point was that if you do your job well and your organization stays safe, upper management mistakenly believes that the risks must not be that serious. Therefore, they start taking away your budget.
Adopting a risk-management strategy is a start because youll be forced into adopting such things as risk scores. But what exactly do you measure and how do you even refer to your measurements? Today, it varies widely.
For instance, Webb pointed to what he calls the malice-without-thought threat category. In the new CSI Computer Crime and Security Survey, 25% of respondents felt that over 60% of their financial losses were due to non-malicious actions by insiders.
While there are plenty of security savants out there, what we need is an IT security Bill James.
What is the security equivalent of OPS (on-base plus slugging percentage)? There isnt one. Perhaps 2010 will be the year that we find one.
6. Smart phones dominate. Earlier, I discussed how the mobile handset/carrier market took it on the chin in 2009. What I didnt mention is that one of the bright spots in 2009 was smartphones. The iPhone, Google Android, the Palm Pixie, HTCs Droid Eris, and Blackberry Bold are all sought after shiny new gadgets.
In fact, while Gartner was cautious about IT spending and even the overall mobile market, it noted that for Q2 2009 smartphone sales were way up. Smartphone sales surpassed 40 million units, a 27% increase from the same period last year, representing the fastest-growing segment of the mobile-devices market, Gartner reported.
What does this mean for IT? It means you better start figuring out how to manage these gadgets. Remember how much trouble laptops were (and still are)? At least, many laptops are corporate property, so you can demand that your employees load them up with whatever security and control software you prefer. Most smartphones are user-owned devices, which means that the most you can do is create policies, hold your breath, and hope people follow them.
Worse, the replacement cycle for smartphones, even if it is getting longer these days, is still much shorter than for laptops. Once you have control over a certain category of devices, people will start lugging around newer ones with innovative features you havent planned for.
Look for vendors to put emphasis on enterprise smartphone security and management solutions. This could even be an IT budget line for many organizations in 2010. Forward-thinking organizations, especially those already saving money via new technologies like desktop virtualization, would be wise to take that money and spend it on subsidized smartphones for knowledge workers. Then, you can force whatever sort of security solution you want onto them.
According to Gartner, PC vendors are already beginning to treat smartphones as mini-PCs, hoping to boost their market share in this segment to help offset a declining PC market. IT would be wise to adopt the same strategy. 2010 will be the year that proactive organizations do.