The most unpopular person in the room
That’s me. At least I was the week I wrote this. I had the wonderful opportunity to speak at a number of conferences that were not solely related to security.
It was absolutely fascinating to learn about how organizations are innovating within the Internet of Things. From the deployment of billions of connected sensors into our everyday life, to connected wigs, and mining onto comets, our future looks exciting.
Yet, throughout the entirety of the week I was referred to as the policeman that would constantly ask the recurring question: “What security and privacy controls are implemented?” Much like me sending a friend request to my kids on Facebook, the feeling was that the security guy was there to spoil all the fun.
However, security professionals are technologists. The only difference between the security professional and the “technologist’ is the approach to consider the potential risks during the brainstorming phase and beyond. This approach will reduce the likelihood of the new connected invention not making an appearance at the next security conference demonstrating how easy it is to compromise the great new device to save us more time.
Moreover, we may be reaching a nadir when it comes to security and privacy. The launch of iOS 8 contained some announcements that for many that is well overdue, namely the inclusion of privacy options. Perhaps more remarkable is not necessarily the inclusion of such settings but how these settings are highlighted as a key feature in an open letter to customers by Tim Cook about Apple’s commitment to privacy:
“We believe in telling you up front exactly what’s going to happen to your personal information and asking for your permission before you share it with us. And if you change your mind later, we make it easy to stop sharing with us. Every Apple product is designed around those principles. When we do ask to use your data, it’s to provide you with a better user experience”.
Such a statement, backed by the inclusion of privacy options suggests that trust is finally being seen as a fundamental differentiator by technology companies. The approach we have always adopted with consent buried deep into the Terms of Service could slowly be phased out in place of an open transparent dialogue between the provider and the customer. Of course it is very much early days, however if this is the beginning of informed consent, with transparency between key stakeholders, then building security into the development of new innovations not only act as an insurance policy but also the ability to attract more customers.
Being unpopular is not a problem. Living in a world without trust in the systems we depend on is.