The dire state of the economy will have a direct impact on enterprises in 2009. Financial losses initially confined to the sub-prime loan market infected broader financial services and, in turn, rippled outward to the construction, retail, and transportation industries.

All businesses are now under pressure to cut costs – and that means eliminating jobs. With more mass layoffs expected to come later this year, chief information security officers (CISOs) will be asked to take decisive measures to keep their firms’ confidential data from walking out the door along side their employees.

To this end, Forrester expects that in 2009 data protection tools will be seen as a critical technology for limiting the loss of sensitive information before layoffs happen.  Employers will buy data leak prevention (DLP), device control, and Web filtering technologies to help them clamp down on nervous employees sending themselves attachments to outside Webmail addresses, copying documents to USB thumb drives, or posting to outside blogs.

Full disk encryption will also be a key tool in the CISO’s bag as a complement to DLP. Disk encryption protects the entire contents of a worker's computer in the event of theft or loss. Of 500 large enterprises Forrester recently surveyed, 35 per cent have already deployed full-disk encryption. Forrester expects that by 2011, three-quarters of large and very large enterprises will make full-disk encryption a standard part of their PC builds.

In addition to taking steps to safeguard company data and documents, CISOs will be asked to watch another worrying concern: the abuse of privileges by authorised.  Enterprises often grant employees too many application privileges, or fail to remove access to applications when they take new positions within the company.
 
In 2009 entitlements will give business leaders major headaches; personally identifiable information will cause much of the discomfort. Some of the drivers of the problem may include employee curiosity. Forrester predicts that more high-profile stories about unauthorised snooping will become much more common next year. If 2008 was "The Year of the Lost Laptop," 2009 will be "The Year of the Curious Customer Service Representative."

Another driver may be the temptation to earn ‘quick money’, as customer information used to manufacture identities and open credit continues to be valuable. Recent security intelligence from Symantec, for example, states that underground prices for consumer credit card details range from $0.50(£0.35) to $12 (£8.40) per card. By that measure, an entitled employee with excessive privileges at an online merchant with sloppy internal controls could sell 10,000 card numbers and make a quick $100,000 (£70,000).

Further to spirited and public debates over wide-open healthcare records, interoperability and access control of electronic personal health records will become a more significant priority and drive greater awareness of entitlements in healthcare, life sciences, and beyond.

As auditors have gained more experience assessing compliance with Sarbanes-Oxley and other statutes, they have become increasingly aware of the perils of excessive entitlements. Greater awareness has led to tougher audits. Now enterprises must be prepared to explain who got access to what application features, and why.

Forrester expects that deployments of hosted application and desktop virtualisation technologies, such as those from Citrix, Microsoft, and VMware will rise in 2009.  Client virtualisation has long been used to address remote access and manageability concerns. But today, the majority of Forrester clients justify new client virtualisation deployments by the need to secure data on the user PCs. Increased data concerns will make client virtualisation more palatable to CIOs because enterprises will see it increasingly as a dual-use technology that can increase productivity and security at the same time.

Historically, highly regulated industries such as healthcare and financial services adopted client virtualisation first because of the clear linkages to security. Throughout 2009, increased turnover in employee ranks will offer further justification to these and other industries, based on client virtualisation's potential for decreasing the possibility of data breaches. As a result, data security will continue to be the No. 1 driver of client virtualisation initiatives through 2011.

By Andrew Jaquith, senior analyst at Forrester Research

Please visit www.forrester.com/computinguk for several complimentary reports made available to Computing readers by Forrester Research.