Monday, September 24, 2007

5 years from now!

Stuff to think about:

- PCI DSS(Payment Card Industry Data Security Standards) QSA (Qualified Security Assessor)
- NetFlow/IPFIX (Crannog/NetScout/Arbor) as networking/security is increasingly about context/relationships/visibility.
- Normalization/baselining tools a la PeakFlow, SourceFireRNA
- Visualisation and Modelling (Opnet)
- IDS/Rootkit detectors for virtualised environments.(Watch this space... BluePill/F-Secure )
- Security Metrics(emerging/huge future as currently un-quantifiable!) and audit via Skybox / Algosec
- Digital Signage, MCAST/P2P distribution JOOST style.
- Infrastructure/solutions to facilitate SoaS(Software-as-a-Service) e.g. Salesforce/Joomla/Atlassian(Confluence)/GoogleApps/Zimbra/Zoho, virtual offices whereby nodes act as client/cache/server and don't backup locally but more to Web Services akin to AWS(Amazon Web Services),S3,EC2. Managing a virtual customer's DNS and aggregating management of their services has potential?
- Mobile and mobility gateways, 3G(HSDPAv2) vs WiMAx back-haul for project offices/satellite sites and SME/SOHO
- Location based services and GIS(Geographic Information Systems)
- Identity Management via OpenID/Cardspace(InfoCard) hosted services.
- Thin clients (Neoware)
- Fixed Mobile Convergence(Still a while off!) Engin / MyNetPhone / SIP/IAX/Asterisk

Web 2.0+ has as many solutions as problems, a new middleware-tier('internet-service-bus' if you will!). Businesses will increasingly want more audit/control and lower operational overheads and greater security via thin-client computing utilizing the browser as the platform of choice, also generating secure local host based flows for compliance and reporting. Thin clients and infinitely scalable distributed computing/storage is on the way. If you don't run the data-centre processing/storage nor have the power, you'll want to control the gateways/reporting/auditing/caching and own/re-sell/manage as much of the local infrastructure/bus and back-haul as possible!

Regulatory and compliance requirements will always have a perceivable effect, especially in the financial services sector.. but with breach disclosure laws on the way in Oz the security -> landscape/consulting/auditing/accountability/visibility aspects of networks/services are not going to allow organizations to keep their heads in the sand for much longer.

Twitter'ish musings...

    Come join me on Twitter