Security As an Afterthought Never Works
I’d like you to imagine this scenario: a software developer is unhappy with his current position so he is out interviewing for a new job. He is tech savvy and aware of privacy concerns brought about by today’s technologies, so before his interview he disables location tracking and GPS, just in case. Meanwhile, across town his manager starts receiving ads for recruiters that specialize in his exact skill. Ads that seemingly imply they may soon be needing to replace a star developer who is at the core of their most important product. She starts to think about his recent shift in attitude and the unexpected doctors visit the employee is supposedly at. She becomes concerned and suspicious. With the vast quantities of data being created today from a myriad of sources, it’s not hard to imagine a scenario like this one playing out in the near future.
The proliferation of data is creating one of the greatest vulnerabilities to our society today. Even as people take steps to protect their privacy, they are being undermined by data sources they don’t know exist. Research conducted at Stanford University has shown that the gyroscope on your mobile phone can be combined with machine learning techniques to eavesdrop on your conversations, for example. They’ve also done research into using the consumption of power on your phone to pinpoint your physical location. Although you suspect you are in a private mode, that is mostly likely not the case.
With the rapid development of new services and devices has come a deluge of logs, metadata, and content for which we have not considered the ramifications. We are quickly moving into a world in which every part of our life is qualified and quantified, where risk, credit, fitness, and social scores determine opportunity. Where seemingly benign technology can be used for nefarious purposes.
We’ve rushed headlong into this world without giving any thought to how we protect, control, or govern that data. Mitigating this risk requires developing tools that allow us to manage the flow of this information. We must have the technical ability to enforce privacy and confidentiality while also enabling innovation that can have profound positive benefits for our lives. The challenge before is similar to the challenge behind us: we need to find a way to balance innovation and security, with a focus on visibility and analytics instead of data control. Only building such controls in from the beginning will allow us to strike this balance. Security as an afterthought never works.
The Future of Security Roundtable is a Google-sponsored initiative that brings together thought leaders to discuss how we can best protect ourselves from the data breaches and security risks of tomorrow. Panelists are not affiliated with Google, and their opinions are their own. Read the post that kicked off the roundtable here and feel free to join in the conversation.