As we head toward the holiday season, my thoughts turn to the technology detritus of the past 12 months. It's been a year dominated by slowly loosening budget purse strings, security vulnerabilities, epidemic offshore outsourcing, ill-defined demand computing, emerging Web services, market consolidation, Wi-Fi euphoria, the virtualization craze, SCO vs. the open source world, RFID and VoIP mania, regulatory compliance and challenges to Microsoft from various guerilla camps and legal entities.

		Related Coverage  2004 IT Budgets: Battling for the Basics  Tech spending to rise in 2004, says IDC  David Coursey: What Microsoft needs to do in 2004

The same trends will continue to dominate and evolve in the coming year. For the next few columns, I am going to look at some of these trends and offer my own predictions for what's in store in 2004. While on the topic of predictions, I want to note what Secretary of Defense Donald Rumsfeld said on the nature of divining the future: "I would not say that the future is necessarily less predictable than the past--I think the past was not predictable when it started." If you know what he means by that statement, please let me know.

The first item is the most frequently asked question among the technology industry at large: Will tech spending increase in the coming year? The answer is yes. I leave the precise prognostication to the research firms, who vary in their analyses as to how much growth and in what sectors. Gartner and securities firm SoundView Technology are predicting 1.6 percent growth in capital spending budgets for next year, and Forrester Research came up with a similar number in its survey. IDC is a bit more bullish, pegging IT spending growth at 6 to 8 percent. If the economy gets a good lift in the coming year, IT spending will likely expand from the modest base predictions.

Any growth in IT spending is predicated on the notion that businesses themselves are seeing growth in revenue and hopefully profit. If some disaster occurs, such as a terrorist attack, all bets are off. However, many companies are planning to invest in security and disaster recovery to mitigate the impact of the rising tide of cyberattacks and potential fallout from terrorist attacks and natural disasters. Unfortunately, many companies will continue to be exposed because of budget issues or because they are willing to roll the dice. Storage will be another area of major spending as enterprise address growing data repositories and regulatory compliance, such as Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA).

IT buyers might have more budget to spend in 2004, but I predict that a large chunk of spending will be directed at continuing the drive for increased efficiency and utilization of IT resources. Rather than taking on major new infrastructure build outs, the first investment focus will be driving out IT costs and improving TCO through server and storage consolidation, data integration and analysis, subscription pricing, data center automation, diminishing custom code and outsourcing.

Security
In the area of security, don't expect any great progress against cyberattackers. The probability is high-how about 98 percent-that your company will be attacked by some virus, worm or denial of service attack in the coming year. With an estimated 100 new viruses and dozens of software vulnerabilities identified every week, the environment is ripe for intrusion and destabilization of IT systems. There is no single inoculation to make you or your company immune other than getting off the network. Malicious hackers are getting smarter, have better tools and can count on the fact that the defenses applied by corporations and individuals are not sufficient to forestall them.

Enterprises next year will make increased investments in security, but as in past years, it won't be enough. The required investments are not just in technology products such as personal firewalls and deep packet inspectors, but also in education and training. Most enterprises don't create a culture of security in which every employee knows that they need to be part of the solution and adhere to basic guidelines to reduce vulnerabilities from internal and external sources of attack.

I'll also place my bet on major spending in the areas of patch management and identity management. The pay-off for these kinds of investments is fairly easy to document for a CFO. Patch management and more regular scanning and vulnerability assessment will clearly decrease the risk of attack. As an example, the SQL Slammer worm--376 bytes of code-caused billions of dollars in damage this year, but could have been prevented if the patch had been installed. Granted, the cost and complexity of patch management is a barrier, but the cost of not investing can be devastating. Similarly, deploying identity management infrastructure that provisions and authenticates users can lead to a more secure environment.

Next up: Epidemic offshore outsourcing, ill-defined demand computing, emerging Web services, market consolidation and Wi-Fi euphoria.

You can write to me at dan.farber@cnet.com. If you're looking for my commentaries on other IT topics, check the archives.