Here are my predictions for the New Year. I might be kidding about a couple of them; see if you can figure out which ones they are (maybe I should just say that any that don't come true were the jokes). Overall, my thinking is that the economy appears to be at least stable enough, and the government is being active enough within information security, to say that the industry will see an improvement over 2002.
Cost of Viruses Decreased in 2002 - I predict that Computer Economics will issue a press release in 2003 saying that the business cost of viruses has fallen for the second year in a row. This number, which was $17.1B in 2000 and $13.2B in 2001, will be $11B in 2002. I won't give the AntiVirus industry as much credit as they want; I think awareness - more specifically, "once bitten, twice shy" - is the greatest factor. Still, I think corporations are "locked in" to their current AV strategy for a few more years, and I don't expect major changes within this industry. All-in-One appliances offering AV or Hosted AV services will offer some new solutions to smaller businesses. Will this decreasing trend continue in 2003? It only takes one extremely well-written, imaginative virus that preys upon people's current mentality to change an entire year. My guess is that we will see one of those in 2003, which will stop the decreasing cost trend, but again will not change the AntiVirus industry outlook in the near term.
Identity Management's "Killer App" - The problem with solutions like PKI and meta directories is that they first came at us with the big picture, and not the "killer app". Self Service Password Resetting looks like a killer app to me - reduced help desk costs, faster password resetting (which means increased productivity), and once users see how easy it is, they won't bother to write their passwords on sticky notes - the bane of CSOs everywhere. I see Self Service Password Resetting as a hot project in 2003 - we may even see the massive "Sticky Note Industry" applying for federal disaster relief.
MSSPs will have a good year in 2003. This is their year to grow. There is enough maturity in product offerings and corporate planning to outsource at a greater level than before. Also, it is still too small a market for global service providers to aggressively target. What are the metrics of a good year? I would say 20% revenue growth for quality MSSPs.
Automated Patch Management - We will see an uptake in this in 2003, although the bigger growth will occur in succeeding years. The big driver will be the breaking down of the corporate philosophy of proprietary, standardized desktop images that change infrequently. The rapid introduction of new vulnerabilities is forcing a more pragmatic philosophy to maintain desktop machines according to standards recommended by the vendors. The big question is, will the patching solutions be done by extending current system management products, the niche patch management industry or a hybrid combination?
Internet Infrastructure Attacks - I expect that we will see 1 or 2 significant attacks on the infrastructure of the Internet that will have origins in the US, Middle East & terrorism conflicts. Like the 9/11 attacks, I expect them to be directed at commercial targets, as an attack on the civilian infrastructure versus direct attacks on the military, which are much more difficult to carry out. DNS, PGP key directory servers, certificate servers enabling e-commerce, large US corporations - these represent the targets of likely attacks.
IDS - By the end of 2003, I believe that the market will clearly recognize that Host-based IDS provides a better method for Intrusion Prevention than Network-based IDS. NIDS is not going away, but will evolve to provide "bigger picture" threat recognition that will prove complementary to Host IDS, AntiVirus and other security components. All significant NIDS products on the market will have some behavior-based attack recognition.
Finally, Kevin Mitnick will win the California State lottery three weeks in a row, but unfortunately will not be allowed to claim the prize.
CSOinformer is edited by Jim Reavis, founder of SecurityPortal and longtime industry analyst. This monthly newsletter is targeted at people who must take a strategic, multi-year view of the information security industry, and we promise insights you will not find anywhere else.
CSOinformer is a service of Reavis Consulting Group, and is published on the second Tuesday of each month.