This year, security pros will finally get in the groove and refocus on security's primary task: keeping corporate data safe. That's easier said than done, as insecure, albeit innovative, SOAs and Web 2.0 technologies take off like rockets in the enterprise, chased by incredibly motivated attackers. Beating developers and app vendors over the head while demanding impenetrable code may be cathartic, but it will get you nowhere. Instead of pointing fingers, look to innovative XML and SOA security appliances. Protecting endpoints will get easier as well, thanks to developments in active protection and scanning tools.
As for compliance, can we have some sanity? Rather than fighting the inevitable, embrace the spirit by reconciling internal and external security policies and postures, and welcome external auditing--face it, it's a good and underutilized practice. Yes, you'll still hear way too many product pitches that promise magic bullets. No, there isn't one, but vendors have made strides. Database protection is finally mainstream, for example. Now, you need to figure out where sensitive data resides on your network. The same is true of applications: Knowing which Web servers have been thrown up outside of IT and what data they're offering--and to whom--is a big job. Ensuring that those applications are locked down is an even larger task.