Information Security Solutions - Paramount Computer Systems in Dubai, Abu Dhabi, Bahrain, Kuwait and Qatar
Securing Changing Landscape

What recession? Gartner predicts IT spending growth

Worldwide IT spending should top $3.4 trillion in 2008, up 8 percent from 2007, research firm Gartner is predicting. But much of that growth is due to the decline in the U.S. dollar. When adjusted for currency issues, worldwide spending is predicted to grow only 4.5 percent.

Software spending and IT services are expected to see the biggest gain, up 10 percent and 9.4 percent respectively in 2008. Analysts attributed some of the software growth to replacement cycles, but noted that "the replacement of systems does not automatically equate to new software market growth."

"Software as a service/cloud computing, service-oriented architecture/Web 2.0, and open-source software are causing huge changes to the software market," wrote Joanne Correia, managing vice president at Gartner in a research note. "Many of these factors are impacting market growth as enterprises replace assets with per-use services."

Hardware spending is expected to rise 7 percent in 2008, thanks to strong Asia/Pacific and Western Europe sales and a global shift to mobile computers.




What cloud computing really means

Cloud computing is all the rage. "It's become the phrase du jour," says Gartner senior analyst Ben Pring, echoing many of his peers. The problem is that (as with Web 2.0) everyone seems to have a different definition.

As a metaphor for the Internet, "the cloud" is a familiar cliché, but when combined with "computing," the meaning gets bigger and fuzzier. Some analysts and vendors define cloud computing narrowly as an updated version of utility computing: basically virtual servers available over the Internet. Others go very broad, arguing anything you consume outside the firewall is "in the cloud," including conventional outsourcing.

Cloud computing comes into focus only when you think about what IT always needs: a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. Cloud computing encompasses any subscription-based or pay-per-use service that, in real time over the Internet, extends IT's existing capabilities.

Cloud computing is at an early stage, with a motley crew of providers large and small delivering a slew of cloud-based services, from full-blown applications to storage services to spam filtering. Yes, utility-style infrastructure providers are part of the mix, but so are SaaS (software as a service) providers such as Salesforce.com. Today, for the most part, IT must plug into cloud-based services individually, but cloud computing aggregators and integrators are already emerging.




SCADA Security: What SCADA Security?

SCADA, the control systems for such infrastructure services as water and energy, has us worried whenever critical infrastructure defense is mentioned. Why, then, is it the most insecure industry on the planet?

SCADA security is as crucial as ever today with cyberattacks on the rise, including those that are apparently state-sponsored. And without contest, SCADA is a major target, with the most potential damage to the economy and to daily life.

Many efforts are in the works to increase the security of SCADA systems, but I do not see any measurable results. Lack of security processes, such as secure coding, auditing, and modern patch distribution systems, are some examples, but the most telling one is how SCADA vendors treat software vulnerabilities.

SCADA security vulnerability-handling is a sham as it stands today. In the 1990s, Bugtraq and other forums introduced the concept of openly releasing vulnerability information on products from IT vendors in full disclosure. Ten years later, many of these vendors acknowledge reports, work with researchers to solve the issues, and provide their clients with relevant information and patches in a timely fashion. Today many software vendors act responsibly, and full disclosure has mostly become a matter of choice.

This model may not work with SCADA, however. How do you release information when a SCADA vendor will not patch the vulnerability? Misuse can seriously damage civilian infrastructure.

Full disclosure is a public-shaming technique. Perhaps another sort of public shaming could be introduced?

One idea is to create a centralized reporting Website where SCADA vulnerabilities are tracked (with whatever information can be made public), and the vendors can be called out for their slow response and patching time.

SCADA operators say taking a plant offline is unacceptable. In my opinion, the threat is serious enough to make security top priority. If it were a priority, then SCADA systems would be designed so that patching can be done without a shutdown.

Unless an alternative is found, I will soon be of the opinion that for us to be safe two or even 20 years in the future -- when the world is even more connected -- public shaming on SCADA system vulnerabilities is the only alternative to waking up to a digital 9/11 or Pearl Harbor.




NAC on Demand

Mirage Networks teams with Security on Demand to offer NAC on Demand

Mirage Networks is teaming up with Security on Demand to offer a NAC service. The companies say the service called NAC on Demand eliminates capital costs for NAC gear and lifts the burden of maintaining NAC infrastructure from businesses.

Security on Demand is selling NAC as two separate services, one called NAC on Demand Endpoint Security that scans endpoints for compliance and the other called NAC on Demand Network Protection that continues to monitor devices after they are admitted.

Mirage gear doesn’t require a client agent to scan endpoints for compliance with security policies, so there is no disruption caused by distributing agents. If the endpoint security service finds gear that violates policies, the provider helps customers fix whatever is wrong with an endpoint so it can gain access.

With the network protection service, the provider looks for behavior outside normal traffic to discover users violating policies or the propagation of malware.

This type of service may be useful for businesses that want to outsource more than just their NAC protection. A business with enough staff resources to run its own LAN and WAN likely can fund and staff a NAC deployment.

But for businesses whose IT model calls for hiring outside help, this may be a good option.

Rolling NAC services up along with WAN management or desktop support may make a lot of financial sense for a business that outsources.

This type of NAC support is available from many more integrators and security service providers, but perhaps not split out as a named, cookie-cutter service.

Future facing

As this challenging year begins to draw to a close, I'd like to draw attention to a few trends that have emerged in recent months. Some of them are drawn from discussions I've had with CIOs; others from the nominations we've received for the 2009 Arab Technology Awards.

 

Let's get the big one out of the way right from the onset - the state of the market - or rather, the perception of it. Currently, fear, uncertainty and doubt rule the roost in the Middle East as conflicting reports and rumours suggest that organisations are slashing away at IT budgets, retrenching staff and cutting back at the pace of innovation.

While either or all of these may be true, it's more likely that the market is changing to adapt to the current business conditions. Last year at the awards, for instance, the financial sector was clearly the prime mover, with the big money being spent on projects focusing on new services such as SMS banking and better communication channels with customers.

Well, we've all witnessed what happened over the intervening 12 months, but in terms of nominations, banking in the Middle East is still a heavy hitter - it's just not quite the absolute kingpin. That honour has now jointly passed to the government sector, which led the nomination count this year with a mammoth 15 entries. Education was not far behind with 10 entries, so it clearly demonstrates where the money is going at present.

 

What's interesting is where the money is going - many of the projects are targeted towards internal users and improving services for them, rather than external ones. Infrastructure is still important, but it seems that companies are focusing less on putting in big-iron servers and more on systems like WAN optimisation and virtualisation, aiming to make better use of existing resources. ISO certification is another big winner of late, although I'm still not convinced that it really improves a company's internal processes, as opposed to simply providing better marketing material.

 

The other interesting observation is outsourcing - that is, we can expect to see more of it happening. IDC figures state that it comprised just 21.4% of the total IT services market in 2008, but that more MNC vendors would be coming into the space in the near future. Presently, the Middle East market - particularly in the government space - is chiefly served by semi-government managed service providers who supply basic services like datacentre hosting.

However, this scenario seems ripe for change as enterprises start to realise that day-to-day operations such as capacity planning, network upgrades and server maintenance are beneath the talents of an IT department. Or to put it bluntly - if CIOs are still employing individuals whose sole job description is that sort of activity, they're wasting their budget. Outsourcers - or managed service providers - can easily supply the manpower (complete with their own project leads) for a far cheaper price and without the HR hassles of having in-house staff.

 

And finally - Windows 7. So far, despite all the hype, there's been a surprising lack of interest from the user community. At present, we have just one confirmed end-user who's interested in it - Qatar University - and even they will only seriously consider it once the current semester has concluded. The majority of customers we're hearing about are presently from the SMB segment - which may not necessarily be the sort of big wins Microsoft is hoping for.

Here's my take - I believe that ultimately, Windows 7 will be more successful than its much-reviled predecessor. It's not necessarily because it's an overall better product - indeed, it's largely Vista 1.1 - but mainly because this time, Microsoft have got the timing right, in terms of enterprise hardware cycles.

 

Most of the existing XP boxes - even with some creative stretching - are nearing the end of their useful life. If Windows 7 can run legacy apps without too much issue and on a reasonable basic hardware platform, most IT managers will be happy to drop it in as part of their purchase plans in Q1 2010.




Defining Data Loss Prevention (DLP) Suite

Over the last several years there has been a noticeable shift in attention and investment from securing the network, to securing systems within the network, to securing the data itself.

Several factors seem to be driving businesses to adopt data loss prevention (DLP) and data leakage protection solutions, including:
  • Potential financial cost, operational impact, and brand damage resulting from a data breach involving sensitive customer data can be significant and often crippling to a company, its brand, or its long-term viability.
  • The threat of data loss and information leakage from insiders is on the rise.
  • Companies are storing sensitive information of all types (Personally Identifiable Information (PII), Payment Card Industry (PCI) and healthcare records).
  • The growing need to share data among colleagues, third-party vendors, customers, and partners.
  • New markets are emerging for stolen data which help criminals gain competitive advantage.
  • The data security regulatory environment is expanding and becoming more complex.

To protect data from these types of risks, organizations must turn to the next generation of data security solutions, such as the RSA Data Loss Prevention Suite.

The RSA Data Loss Prevention (DLP) Suite is an integrated suite of data security products that provides a proactive approach to managing your business risk associated with enterprise data loss. Together with the RSA DLP Datacenter, RSA DLP Network and RSA DLP Endpoint modules, the RSA DLP Suite comprises a comprehensive data loss prevention solution that discovers, monitors and protects your sensitive data from loss, leakage, or misuse whether in a datacenter, on the network, or out at the endpoints.

The RSA Data Loss Prevention Suite is an integral part of the RSA Data Security System, which provides a policy-based approach to securing data, enabling customers to classify their sensitive data, discover that data across the enterprise, enforce controls, and report and audit to ensure compliance with policy.

Partnership Status: Paramount is the solutions partner for RSA in GCC

Building an ISO 27001 organisation

It may be something of a cliché but, for ISMS projects, it is certainly true to say that 'well begun is half-way done.' The person charged with leading an ISO 27001 ISMS project has to reduce something that looks potentially complex, time- and resource-consuming, and difficult, to something that everyone believes can be achieved in the time frame allocated and within the resources allowed. And then you have to make sure that it is actually delivered!

The first key to ISO 27001 success is, in other words, to set up for success. Setting up for success means four things:
  • Knowing -- and being able to clearly communicate -- why information security is important for any organization and, in particular, for yours;
  • Knowing why ISO 27001 is the right way to provide information security -- and this also means having a background knowledge of the standard and how it works;
  • Knowing how the project is going to be structured, what the key elements are (there are nine of them), and why this is the best way to go about it;
  • Knowing whether you're going to use consultants or do it yourself, and the pros and cons of both.


Offices in Dubai, Abu Dhabi, Bahrain, Kuwait and Qatar
©  2008. Paramount Computer Systems, All Rights Reserved.