Gartner Blog Network

The 2009 Security Prediction Prediction List

by Greg Young  |  December 19, 2008  |  2 Comments

Threats and technology really doesn’t work on a calendar year, unless it is a threat specific to calendaring applications.   The analogy train basically stops at the station with the sign that says something like end of year lists are silly.  So here is a list of my predictions on what kinds of predicting at the end of this year:

  1. Large vendors will repeat their time honored annual tradition of saying that convergence is going to happen because they really need some of that Swiss Army Knife revenue action in the absence of innovation.  I mean c’mon – single invoice!  Think of the trees! 
  2. You know what we said about NAC becoming a $2B market that will achieve 100% enterprise penetration in 2008?  That was a different knock-off, shamelessly inferior pre-NAC-NAC that should never have been included in the discussion.  This year we will get the real NAC, and with free PKI, biometrics, smart cards, deperimeterization and single sign-on.  Really.  Well, maybe it will be in Q4, but technically that will be this year or at least a press release will be out.
  3. (Insert company name here) will discover more Microsoft vulnerabilities than our competitors during the next year (insert conditional statements such as phase of moon, and days with a T in them).
  4. Security Blogger A will say that he/she will not sink to the level of he-said-she-said-inside-baseball-circular-reference that they did in 2008, and by the way my prediction list is way better than that doodie-headed-NAC-lovin’ Blogger B, who also totally doesn’t get the intricacies of theoretical VMware vulnerabilities like I do and even when I am proved wrong despite picking comments out of context I will immediately declare it to be an irreconcilable difference of opinions and we should drop it in order to save face.
  5. The shark will be fully jumped with oneupmanship declarations that IT security is so important that the CISO should be the CEO.  Someone else who also hasn’t worked in a real company in a long time will immediately raise and declare that in 2009 the CISO should be the Chairman of the Board.  See list item #4 above for resulting discussion.

I predict that if you had even a slight chuckle with any of the above, you needed a laugh before continuing to counter the constantly evolving threat in uncertain times during the upcoming year.  On behalf of my colleagues in the Security, Risk and Privacy research community here at Gartner, I wish you the best success in the new year and may the predictions you work with be pragmatic and factually-based.


Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research


Greg Young
Research VP
6 years at Gartner
22 years IT security

Greg Young is a research vice president in Gartner and the lead analyst for network security. Mr. Young has experience in IT security in product companies, and in both the private and public sectors. He spent his military career in technology security… Read Full Bio

Thoughts on The 2009 Security Prediction Prediction List

  1. Stiennon says:

    I needed that laugh. Sometimes laughing at ourselves is the best medicine. Number 4. seemed to strike home.

    I will be careful in composing my predictions for 2009. It is so hard to continue a 100% correct run rate.


Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.