As 2010 draws to a close, it seems an appropriate time to consider the changes that have taken place over the last twelve months and look ahead to the coming year.
In terms of payments security, 2010 was a big year for PCI DSS, with version 2.0 of the standard coming into force. Despite showing progress and clarifying a few points, however, it’s fair to say that the long-awaited update didn’t provide as much of a big bang as some were hoping for. Another such generic update to the standard will not answer people’s questions, especially around more concrete requirements for various technology areas. Instead we look forward to the specific validation guidance documents that are slated for release in 2011.
With these developments happening, companies need to remember that PCI compliance is only one piece of the security landscape. It requires much more than PCI DSS to keep up with the evolving security threats against their data.
Another area set for big things in 2011 is of course the cloud. Hopefully not another volcanic one, nor a hazy, post-Christmas overindulgence one, but a cloud that enables individuals and businesses to store inordinate amounts of data virtually. We expect that organisations will start preparing for the cloud in 2011, but also that they will not fully migrate. This is because there has been a growing realisation that 2011 security budgets need to focus on enhancing private security infrastructure before they can take full advantage of the scalability, efficiency and financial benefits that cloud computing will ultimately bring.