Happy New Year and all the best for 2010!
Happy New Year, to all of you!!!
Let me wish you, for 2010 and the new decade, a lot of great achievements, big success in whatever you will do this year, lots of joy and happiness, many smiles and laughs and of course very strong health!!!
2009 brought a lot of changes to our team. Daria took over a very big responsibility within her company and I can only congratulate her on the fantastic achievement. For Igor the step from an external partner to an internal employee with bigger responsibilities took place. I guess most of you are aware that I changed many things in my professional life as well. I switched from pharmaceuticals into the financial sector, instead of Switzerland I now work in Germany and instead of being at home every evening I now have an apartment in the downtown of a major city in Germany.
Based on all these changes the three of us had plenty of other things to do and the focus on our work for this blog got diminished. We used the joint Christmas party to sit together and chat about the future of ITRiskSpace.com and we decided to continue with it. Last year we received really good and positive feedback and it would be a pity not to continue and to keep this virtual interest group together and alive.
We started this work in February 2009 and since then we have seen:
- More than 16’000 unique visitors (search engines filtered out)
- Originating from more than 100 different countries around the world
We started February 2009 with this work and since then we have seen:
- More then 16’000 unique visitors (search engines filtered out)
- Originating from more then 100 different countries around the world
- Generating > 600’000 access requests
- References on Twitter, Facebook, LinkedIn and other social networking sites
- References in major IT and Security news sources
- Invites for major conference presentations
If you haven’t seen the latest Swiss ISSS movies where I gave a presentation, you can find them here: http://www.youtube.com/results?search_query=andreas+wuchner&search_type=&aq=f
In 2010 we will continue to keep our high quality approach. Even if the number of articles may be lower than it was in 2009, we plan to report on all major and current Security and Risk topics and we will also write about the important conferences in our field if one of us is able to participate. We will for sure be at RSA 2010 in San Francisco again and also at Black Hat in Vegas. I know that many of you are visiting conferences as well. Let me invite you in such a case to report about it on our platform to generate interest and inform other readers.
After a couple of drinks at our party we started to chat about 2010 and the hot Security topics that we expect to face in the course of the year. We identified the following areas:
Externalization of data
As more and more data elements are accessible from all kinds of places we expect to see major issues and discussions around cloud services and the security going with them (enabler or disabler???). With this move the importance of the perimeter goes down more and more, but is this really true and the right thing to do? Are the applications, which now become the first security enforcement point, ready to deal with that? Last but not least, what about Security Zoning concepts? We have been talking about them for some time already and I see more and more companies realizing them together with WAFs (web application firewalls). This will for sure generate some surprises.
Some of us are putting valuable company data out to an Internet-based service, while at the same time we don't have a universal standard for secure mail exchange which is usable and convenient for the users???
The web browser becomes more and more the major access tool. Based on the known attacks we expect to see more focus on "secure browsers". Have you ever looked at Quaresso? http://www.quaresso.com
Mobility
With the growing mobile enablement of the enterprise the mobile device has become a real target for criminals. We are sure that we will see much more Malware but also SPAM, Phishing and Pharming attacks targeting mobile devices.
Access
I think we all agree that access security is a really old topic, but at the same time the news is full of horror stories based on weak access security and audits discover findings in this space again and again. We expect to see more focus on access security again in 2010 and we hope that Two-factor authentication finally becomes the real standard. Have I ever mentioned the Yubico approach here? You may want to take a look at http://www.yubico.com
Social Media
We had a long debate on this one. I think we all agree that the use of social media has changed the way we communicate and market many things. Trust has become a new security fundamental. With this it has become again a nice target for criminals. I expect to see social networking threats to “skyrocket”.
System Security
Over the last couple of years we have seen a lot of great achievements around security in the IT infrastructure space. With the growing reach of the network and with the fact that every single device will have an IP address soon we expect a focus on them. Network-attached peripheral devices will be targeted more and more and with the low security level in this space we expect some noise.
The growing use of Apple computers within the business makes them a target. Will the “Apple be eaten by worms” soon???
Antivirus packages are more and more unmanageable, right? They are huge and every time something new comes up they need to be updated. The AV vendors just can’t keep up with the pace of the bad guys and I’m not even speaking about the mobile device world in this case.
Windows 7
Many if not most enterprises have skipped Windows Vista and we will see major rollouts of Windows 7 in 2010. We are sure that Microsoft has done everything to secure Win7 by design and by default as much as possible, but what about the people implementing it? We expect to see some bugs in the new software and flaws in the way organizations are implementing Win7.
It goes without saying that we expect the old known attacks to stay and that we will still see old things like SQL injection attacks. We also expect that the trend for targeted attacks will continue and that instead of creating a lot of noise commercially focused attackers will try to keep below the radar screens to stay undetected.
In the end our end users will remain the last link in the chain protecting our important assets. Without proper focus on awareness, training and education we will lose this race.
With this we want to wish you all the best for 2010, and in case we missed anything in our list or you disagree with the content please let us know. As usual, feel free to send us your ideas, feedback and comments, either directly on the blog or via mail at blog@ITRiskSPace.com
Cheers