Top 9 Security Trends for 2010
By Dipankar Das, Gaea News Network
Saturday, March 20, 2010
2010 is going to be a year of ongoing change. The onset of cloud, social media and virtualization technologies will lead cybercriminals to adopt new methods, such as ransomware and crime as a service, that are going to threaten the enterprise at large. After going through various security bulletins and other information, I have gathered some ideas about the upcoming security trends in 2010, and I am happy to share them with you.
- The latest trend is the mashup application, which combines data and functionality from multiple systems into an integrated web system. Software security is changing at such a fast rate that it is becoming difficult for IT security people to provide guidance.
- Most of the time, a company suspects the external network when an application is breached. But nowadays the internal network is not safe either. As per DataLossDB.org, there were 1.5 million breaches of internal records in 2009 by malicious insiders.
- HTML 5 has a variety of new features that can wipe out previously established security controls. While developers build new applications with these features, they are not going to consider all of the associated security risks until the new technology is deployed.
- Many companies cut back on software security risk management last year because of the recession, since a huge cost is associated with it. Since the economy is improving gradually, companies will focus further on risk management.
- Most wise organizations will treat application vulnerabilities as software defects. The security team will work with developers to fix those issues and will leverage existing development and maintenance processes to resolve security vulnerabilities.
- The future consolidation of product vendors will provide a wider range of security capabilities and a more consistent approach. System integrators will realize that security is a meaningful gap in their services, and they will try to address it with more acquisitions.
- Virtual patching means that you set rules at your web application firewall to block any known risk as it comes up. Companies are going to adopt virtual patching more widely to get protection while code-level fixes are being implemented.
- Many major organizations concentrate on automated scanning of applications to find technical vulnerabilities. But attackers are shifting their focus to the business logic of applications. So organizations will shift their focus toward more manual testing and code reviews.
- As corporations concentrate more on security programs, they will adopt as standard metrics the cost of finding and resolving technical glitches, as well as the time taken to fix them.
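The virtual patching item above, as an added example that is not part of the original article: a small Python WSGI filter stands in for a web application firewall rule and rejects malformed input to an endpoint whose code-level fix is still pending. The `/invoice` path, the `id` parameter, and all function and class names are hypothetical.

```python
import re
from urllib.parse import parse_qs

# Hypothetical rule set: (path, parameter, allowed pattern). Constructed for
# this example; a real rule would be derived from the vulnerability report.
RULES = [("/invoice", "id", re.compile(r"\d{1,10}"))]

def unpatched_app(environ, start_response):
    """Stand-in for the application whose code-level fix is still pending."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"invoice " + environ.get("QUERY_STRING", "").encode()]

class VirtualPatch:
    """WSGI filter that rejects rule-violating requests before the app runs."""
    def __init__(self, app, rules):
        self.app, self.rules = app, rules

    def violation(self, environ):
        path = environ.get("PATH_INFO", "")
        params = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
        for rule_path, name, pattern in self.rules:
            if path != rule_path:
                continue
            values = params.get(name, [])
            # Exactly one well-formed value is allowed; duplicates are rejected
            # so the filter and the app cannot disagree on which one is used.
            if len(values) != 1 or not pattern.fullmatch(values[0]):
                return f"{rule_path}: parameter {name!r} rejected"
        return None

    def __call__(self, environ, start_response):
        if self.violation(environ):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"blocked by virtual patch"]
        return self.app(environ, start_response)

def request(app, path, query):
    """Drive a WSGI app with a constructed request; return (status, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"] = status
    body = b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": path,
                         "QUERY_STRING": query}, start_response))
    return seen["status"], body

patched = VirtualPatch(unpatched_app, RULES)
```

The rule is an allowlist for one parameter on one path, so it can be removed once the code-level fix ships without affecting other routes.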