ComputerWorld has come out with its set of predictions for security related incidents likely to make headlines in 2004. Especially telling is their statement that "Many will begin to understand that the problem isn't with the technology, it's with the people!", something us technology people have been trying to get across for years. What makes anyone think 2004 will be any different?

Both USB ports and free access to each and every IM service do nothing to remind employees that the computing resources and data they manipulate on a daily basis belong to the company, not them. Yes, it is a people problem when these tools are used to carry confidential data into the wrong hands, but how do you reinforce this message and how do you remove temptation?
On the IM front we might see companies use internal messaging systems such Jabber and Sametime. USB ports are not so easy to control especially since these USB drives are so small and easily hidden. Perhaps some vendor will come up with a way to control allowable devices by vendor id and product code? For example, this could easily be part of the TrustedCore efforts put forth by Phoenix Technologies' cME project. (Unfortunately this project's design appears to be extremely Windows-centric and it is not clear whether any OSS can make effective use of it.)

And so, as usual, efforts are already underway to come up with technology-based solutions for what ComputerWorld so accurately pointed out, are really people problems...
Some things just don't change!