• PC World
• »Tech Industry

Whereas 2001 be remembered as a year marked by an exhausting string of virus attacks and cyberterrorism fears sparked by the events of September 11, security experts predict that computer security in 2002 will shift away from perimeter defenses in favor of internal access control and authentication management.

"Physical access, who you are, and [whether or not] you are allowed [specific privileges] is going to be among big technology questions that are going to be answered in 2002," says Charles Kolodgy, Internet Security analyst at Framingham, Massachusetts-based IDC.

"Smart cards, USB [Universal Serial Bus] tokens, and biometrics will be some of the hot areas because companies, organizations, and others are beginning to realize they need to have a better handle on who's coming and going," Kolodgy says. "Passwords just don't give you enough confidence in these things."

Safeguarding Web Services

Users can also expect scrutiny directed at Web services applications. They may see improvements in the nature of safeguards to protect a specific set of database records--such as profiles or user accounts--while in transit across systems to validate identification, security experts say.

"Anyone not thinking about Web services for back-end integration will be behind the eight ball for 2002," says Peter Lindstrom, director of security strategies at Hurwitz Group in Framingham, Massachusetts. "Web services is about simplifying communication between systems. That's where encrypting and signing the data becomes significant. It's not just data. It's content and context."

Lindstrom points toward a handful of vendors that look to build on capturing brisk Web services security momentum in 2002, including Vordel Systems, Netegrity, Foreign Systems, and Zolera.

Making a Comeback

In fact, Lindstrom says that he believes security software will mount a comeback atop users' return-on-investment budget considerations as internal access issues such as lax user account passwords and ID management shift from nuisances to legitimate corporate threats. Lindstrom contends that the connection between workflow and self-service management and authorization/authentication was largely ignored in the past.

Vendors that provide an automated process to create, administrate, and manage user accounts include Waveset Technologies, Business Layers, Access 360, Courion, Thor Technologies, and BMC Software.

"I think software will take the lead [over hardware solutions]. You name the security player, and they have a management framework coming down the pike. Management frameworks will mature over 2002 and get a sense on how we're going to do enterprise security," Lindstrom adds.

Still, Kolodgy notes that users will find a strong push for beefed up USB tokens and Secure Socket Layer cryptographic acceleration products that require less-cumbersome readers as alternatives to smart cards. In general, security hardware products remain attractive to customers due to ease-of-use functionality.

"You don't want users to play too much. You want distributed firewalls and products that don't need a lot of human interface. [With hardware], you don't need to worry about support, upgrades, or patching. The software is still on [the] high end, but appliances make it easy to fit in," Kolodgy says.