 |
||||||||||||||
|
||||||||||||||
|
||||||||||||||
|
|
|
||
Future Topics and Trends in Security and Privacy |
||||
|
|
|
|
|
This is a Letter From the Editor for the "Future Topics and Trends in Security and Privacy" issue of the Security and Privacy Spotlight. |
|||
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
It's year-end 2001, and as we prepare a report that will predict how information security and privacy will change in 2002, here's a taste of some of the topics and trends that we see developing in this area. Encryption: As a follow-up on our recent encryption research — "Host Encryption Options" (T-13-7356) and "The 'Crypto Genie' Won't Go Back In the Bottle" (COM-14-6878) — see "Plan to Migrate to Advanced Encryption Standard" (FT-14-9343). The imminent demise of the Data Encryption Standard has been regularly predicted in the past few years. Our concise advice on when to migrate to the Advanced Encryption Standard will be helpful to enterprises. Biometrics: Do the "eyes" have it in biometrics? Futuristic biometric solutions for user identity and authentication have been on the cusp of acceptance for years, where they're likely to remain for now, despite renewed interest in the “something you are” potential. One promising vendor’s strategy, which we believe represents a continuing trend in biometrics, is examined in "Peripheral Vision: Iridian Eyes Authentication Market" (COM-14-8280). Windows and Passport Security: Many may view the antitrust legal battle as Microsoft's nemesis in 2001. We see other problems, including continuing issues with Microsoft’s security initiatives discussed in "Secure Windows: Oxymoron or on the Horizon?" (SPA-14-7346). We also examine Microsoft’s single-sign-on solution in "Passport Problems Show Software-Based Security's Fatal Flaw" (FT-14-8719). Standards: The realm of standards never seems to stay still. "Oasis’ Standard Paves Way for Cross-Enterprise User Access" (FT-14-8819) examines the development of yet another XML standard in the emerging area of provisioning, which takes users’ rights several steps beyond simple access privileges and into the brave new world of Web services. Risk Management: Predicting the future is one thing, but some things just don’t seem to change. In "Internet Vulnerability Risk Rating Methodology" (TU-14-9003), we note that the constant flood of security vulnerabilities in software products requires enterprises to prioritize software patch efforts to manage risk. Therefore, we provide a simple methodology for classifying and prioritizing vulnerabilities today — and tomorrow. Your inquiries and comments are welcome. Victor S. Wheatman Editor in Chief Security and Privacy spotlight.feedback@gartner.com |
|||
|
|
|
|
|
|
|
|
|
|
Entire contents © 2001 Gartner, Inc. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.
Resource ID: 349548 |
|
|
|
|