Philosophizing security in a mobile-first world

What is wrong with Cybersecurity?

Streetlight effect

Security, Freedom, and Safety

NB: We may not realize it but people are quite used to being limited in freedom for the sake of security. For example, most of us were limited in our activities by our parents protecting us from the dangers of the external world. Another example is luggage scans in airports that somewhat intrude on our feelings of privacy.

NB: Just think for a while how many potentially good online and offline services you have stopped using just because of annoying security measures.

Freedom vs. Security

Security is not equal to safety: security measures are generic, while the conditions of feeling safe are individual.

Security measures can harm the feeling of individual safety when an external entity manages them. In this case, security limits the users’ freedom and privacy in ways that can go beyond the individual comfort zone.

Practically, users desire individual safety but may not have the full picture of security threats.

Engineers usually push generic security but have limited visibility into individual safety preferences and how security measures may impact them.

Social Contract in the Apps world

Social Contract

Thought experiment about an imaginary Apps world

NB: Keep in mind that such security institutions have always had a tendency to misuse the power of the function that was delegated to them (security geeks would call this a bug in the system that leads to “elevation of privilege” due to an issue in the “segregation of rights”).

NB: It is actually not an oversaturated metaphor since people spend 80% of their average online time in Apps.

NB: There would be two dominant states with quite different regimes in our App world: the iOS Kingdom and the Androidian Union.

Android and iOS “states”

Safety first, not security

NB: Thus in the real world the safety strategy should form the “right” balance between freedom, security, and comfort for a given App. Top management shall define or at least arbitrate it. It can’t fully delegate it to marketing-minded or tech-minded subordinates.

Evidence of security 👁️

NB: The critical advantage of communicating and visualizing the state of App security is that it can help to bridge the gap between the personal feeling of safety and the actual state of user protection.

NB: In-App protection is a mobile security technology that allows mobile applications to check the security state of the environment they run within, actively counteract attack attempts, and control the integrity of the App. Such technology is also called RASP (Runtime App Self Protection) or App-Shielding.

Develop self-defense skills of users 🛡

NB: Some might say, “I don’t feel like educating my users about cybersecurity.” Yes, it is quite a common view. I guess it was the same attitude among airline management before 1984. Since then, the pre-flight safety briefing has become mandatory and we are all quite used to watching the cabin crew demo every time we are about to take off.

Ease of reporting an attack 🆘🕭

Collective Cyber Defense
