07
Dec

Heard on the Street — Predictions for 2012

Written by Andrew Jaquith. Posted in Blog Post

The Perimeter STAR Team holds its “Heard on the Street” call every week on Wednesdays. On these calls, the team discusses hot security trends, current events, and issues that our customers should be aware of. Below is an annotated summary of the topics we discussed this week, which we present as a service to our customers and to the public.

This week, in a special edition of HOTS, we asked the team to bring two ideas with them: (1) their favorite security, email or networking story of the year (either “best” or “worst”) and (2) one surefire prediction for 2012. Here’s what the team discussed, which we present for your entertainment.

Will Campbell, Senior Director, Network and Infrastructure Engineering

Will’s Evidence-of-Scarcity Story of the Year: IANA gave out the last IPV4 address blocks this year. In 2012, we will see a lot more constraints on giving out address blocks. This will cause more companies to adopt IPV6. Note that this has already happened in countries outside the US, which weren’t given as much address space to begin with, and so depleted their blocks more quickly. As a result of the increased uptake in IPV6, we expect to see more IPV6-related security weaknesses.

On a side note, Perimeter owns a Class B IPV4 address block. We’ve used about 1/4 of it. (ARJ asked, jokingly, whether we could put it on the company’s balance sheet as an asset.)

Will’s Reality-Distortion-Field Prediction: More companies will try to emulate Steve Jobs with their products: better focus on customer experience and product design. They will avoid putting “the sales guys” in charge.

Will’s Stick-Money-Under-The-Mattress Prediction: As a currency, the Euro will fail next year. Greece will essentially be “voted off the island.” As evidence, just look at the trouble Germany had selling its own bonds a few weeks ago.

Tom Neclerio, SVP Professional Services

Tom’s Advanced, Persistent Story of the Year: by far, it was the RSA hack. It shed a lot of light on a subject that wasn’t talked about much before: advanced, targeted attacks that go after a company’s trade secrets.

Tom’s Take-It-To-The-Bank Prediction: I predict mobile data leakage features will become a major point of focus for banks in 2012. I’ve talked to many banks that are used to the idea of using data leak prevention (DLP) software to filter out violations in their email systems. They are very worried about data loss over mobile phones. A key problem is that on personal mobile devices, the openers typically use both personal and work email accounts on the same device. Without appropriate controls, it is too easy to forward emails from work to Gmail, for example.

[Note from ARJ: Perimeter/USA.NET's SaaS Secure Messaging suite provides channel DLP features for detecting credit cards, social security numbers, keywords and other patterns. We'd be remiss if we didn't tell you this, right?]

Ron Martin, QA Manager

Ron’s Story of the Year: I’d agree that the RSA story was it.

Ron’s Credit-Card-With-An-Antenna Prediction: We will see more personal data theft coming from smartphones. There are two problems. From the company perspective, they worry that their information will be stolen or leaked. That’s the first problem. On the personal side, consumers and employees who possess these devices are at increased risk of the theft of personal financial information.

Ron’s Fear-The-Cloud Prediction: We will see at least one new class of vulnerabilities introduced related to cloud services. Cloud platforms are relatively new, and while the attack methods are likely to be similar to those seen with other technologies, cloud has some unique properties. We will see at least one new novel attack technique disclosed, and perhaps used against a major cloud infrastructure provider such as Amazon, Rackspace, GoDaddy or IBM.

Jeff Lathrop, Senior Exchange Developer

Jeff”s Trust-Is-For-Suckers Story of the Year: some of our supposed gatekeepers to the Internet — the SSL certificate authorities — were compromised this past year. As we saw in three cases, Comodo and Diginotar were shown to have issued certificates to unauthorized parties. In Malaysia, the DigiCert CA’s root was revoked by Mozilla and Microsoft after having been shown to be issuing weak certificates in violation of best practices.

Jeff’s Wearier-But-Wiser Prediction: In 2012, we will see more of the same. None of the problems we saw reported this year have been fixed: the CAs issues, DNS problems, personal data leaks on smartphones, privacy issues with Facebook and Google etc. With Facebook, for example, all they got was a slap on the wrist. Because none of the underlying root causes were fixed, 2012 will be a lot like 2011, but more of it.

Andrew Jaquith, Chief Technology Officer

Andy’s Wearier-But-Not-Wiser Story of the Year: The RSA breach was the biggest one by far, as measured by the amount of company resources it took to deal with it. We are an RSA reseller and thus a partner. We learned about the breach by reading a press release. Our customer support teams, operations staff, corporate communications teams and executives worked hard to understand the issue in depth, keep customers informed and create an action plan. That’s hard to do with a breaking story, especially when the vendor isn’t forthcoming about the risks. We wish RSA had handled the situation differently.

Andy’s Tipping-His-Hand-For-Next-Week Prediction: Because we will be hosting our annual “Five Predictions for the New Year” webinar next Wednesday, December 12th at 2PM Eastern time, I’d rather not tip my hand about what all of our predictions in this post. In the meantime, here is one we will be talking about. I predict in 2012, we will see legislation enacted that makes it a crime to mishandle location-based information contained on a mobile devices. There will be generous carve-outs for the usual suspects: national security and cellular carriers. Come to our webinar next week and find out the other four!

Tags: , , ,

Trackback from your site.

Andrew Jaquith

Andrew Jaquith is the Chief Technology Officer of Perimeter E-Security. Before Perimeter, he was a senior analyst with Forrester Research and Yankee Group.

Leave a comment