Thursday | 20 November, 2008
Better than locks: A security approach to 'free'
Keeping security relevant in the free-content era
Geoff Leeming 02/06/2008 08:07:57

Accessibility. Maybe Acme Digital Warehouse can sell me on the idea that they'll organize all my data, my music, my photos, my digital identity for me, but first they're going to have to sell me on the idea that they're going to look after it properly -- again, we're back to trust. Facebook learned this recently after a customer backlash regarding their use of subscribers' shopping data, and to give them credit they seemed to learn quickly and sort out the problem equally fast. They're also learning that access control needs to be increasingly fine-grained as they give more access. I actually have more detailed control over access to my Facebook profile than I ever had over access to confidential data in the last few companies I worked for, and more and more Facebook users are making use of these features.

Findability. When there are millions of options, being able to find the right one for you is valuable. This is why one of the most valuable tech companies in the world is Google, a company originally founded to help you find things. This is nothing new: sales, marketing and advertising teams have always known that unless people know your product exists, no one can possibly buy it.

But if a fundamental principle of marketing is Findability, a fundamental principle of security is Confidentiality. There couldn't be two more diametrically opposed principles, and in security we have a whole array of tools designed to hide, to conceal, to protect, to guard against people ever finding out what we know. These are exactly the "skills of hoarding and scarcity" that Kelly labels as obsolete.

So is Confidentiality obsolete? No, though maybe we need to ease up a bit. There are still and always will be secrets in commerce -- a company's financials just before results day, personal data covered by a person's reasonable expectation of privacy, the recipe for the secret sauce -- but far fewer than we might think. I remember vividly a meeting I once attended as part of a data classification scheme implementation: labelling types of data as 'public', 'confidential', 'secret' and so on so that it can be protected appropriately. The longer the meeting went on, the more got labeled as secret, until eventually it seemed that everything in the company was secret and perhaps you'd need special clearance to find your way to the coffee machine.

The truth is that most 'secrets' aren't, and needn't be. The acid test for 'secret' should be "who wants it, what can they do with it, and will that hurt me?". The company's financials before results day clearly are secret -- every investor wants it, every investor can profit from it, and you'd better believe that when your regulators find out you let that information go, it's going to hurt you. Similar arguments can be made for personal data, but for so many other 'secrets' you can't find an answer to one of those three questions. Someone wants your data, and it won't hurt you? Fine, give it to them! Give it willingly, give it enthusiastically, then go back and see what they've done with it and half the time you'll either make a new customer or find a new, interesting thing you can do with your data. Either way, both sides win.

For the majority of these generatives, we already have the skills to do what needs to be done. What we need to do is change the way we think about security. We need to remember that the good guys pay our wages; we need to remember that trust underpins every deal, and we are the brokers of trust; and when it comes to confidentiality and authentication, sometimes a little of a good thing is quite enough.
