Thursday, January 29, 2009

Data Security…A Balance Between Convenience, Privacy, Stupidity

Content Insider #116 – Security


“My Mama always said you've got to put the past behind you before you can move on.” -- Tom Hanks (Forrest Gump – 1994), Paramount Pictures

Instant information, instant entertainment, instant communications to and from anywhere in the world, with anyone is fantastic.

It’s all been brought to us by the computer and communications industries.

It’s a lot like Forrest Gump’s magic shoes, “They could take me anywhere.”

The problem is a lot of other people also have magic shoes.

Some good.

Increasingly, some bad.

Some just a major pain in the behind.

The good varies as to your needs and tastes.

The Working Bad Folks

The bad are the growing number of Black Hatters, Doom9ers, hackers, cyberthieves and cyberspies.

Figure 1 - Bad Guys – It seems as though every time you turn around you hear about someone losing their online and offline identity information because of unscrupulous individuals. But there are always new opportunities for the gullible people. Source -- NYTimes

These folks are dedicated and ingenious.

And…they work really hard at their job!

They’re rather like rodents. They find software holes even the most conscientious programmers never thought were there. They spend hours and days testing, probing, tickling and trying to grab your information.

Sometimes it is hard and they really have to work at it. Most of the time it is surprisingly simple (as long as you’re bent on doing bad things).

Sometimes … we do it to ourselves!

It’s called click fraud and it is virtually unstoppable.

Figure 2 - Clickity Click – There are always people out there who believe someone selected them out of the billions of people on the planet to entrust their millions to for safekeeping. Obviously the person who sent you the email realizes how trustworthy you are…right! Source -- Ipsos

Sure, most of the requests for assistance to transfer $1-2 million seem improbable to “normal, rational” people.

Certainly the bank’s note that your account may have been violated or that you haven’t shipped the product to the buyer are dumb (especially if you don’t bank there, don’t do online banking or never sold anything online).

Surprise…it doesn’t have to work 100 percent of the time.

If only .01 percent of the recipients of a million emails respond then BAM!!! they’ve got enough account information to work with.

As Forrest said, “Stupid is as stupid does.”

Since we aren’t the brightest pencil in the box we buy security software. Software that:

  • protects our devices from “them”

  • doesn’t impact all of the important things we’re doing

  • doesn’t slow us down

  • is the cheapest software we can find

Yep…a placebo will work just fine!

Our Portable Stuff

People can “almost” be excused for giving up some of the stolen information they volunteer.

After all, to get information you usually have to give information.

As you know there is so much fantastic, vital information and content out there today that we need constant access to it.

So we buy/use increasingly portable computers, higher capacity smartphones, portable storage/player devices.

Cool but…

  • 1 in 10 notebooks stolen, 88% never recovered

  • A Veterans Affairs employee lost a notebook with 27 million veteran records on it

  • 10,000 FBI notebooks were lost last year

  • 30,000 cellphones were left in NY cabs last year and never reclaimed

  • Two major banks reported notebooks with client account information were stolen last year

  • Government agency personnel have “misplaced” multiple backup devices containing citizen files/records

When hardware is misplaced or stolen, thieves are no longer interested in a device they can sell.

Figure 3 - Replacement – Lose or have your hardware stolen, corrupt your operating system/applications and it is a big pain but it can be replaced. Lose your data, your information and it can be devastating. Source -- zTrace

They aren’t even interested in the software they might be able to sell.

But damn the data? Yeah!!!

Online Business

We have a little trouble keeping track of all of our devices, all of our content and we do a few online transactions.

Less than a lot of folks, more than some.

We know there are issues out there that keep many people from carrying out online financial transactions.

Figure 4 - Online Concern – Whether you do your banking or purchase products/services online, there is a healthy concern about the security of the information you provide. It never hurts to check and double check. Source -- Mintel

We’re not ignorant of the challenges or naïve enough to believe we’re immune to attack.

Instead we somewhat agree with Forrest, “I don't know if we each have a destiny, or if we're all just floatin' around accidental-like on a breeze. But I, I think maybe it's both.”

From our perspective, security is a major selection criterion for the devices and software we select as well as for the online outlets we visit.

Figure 5 - Want it All – When it comes to devices and online services people want it all – service, availability, entertainment, satisfaction and more. But the number one criterion people demand is security. Source -- Ipsos

As long as we’ve done some level of due diligence and feel reasonably comfortable/secure, we’re good to go.

As Forrest said, “That’s all I have to say about that.”

Balancing Act

All of us want information security.

Unfortunately it comes at a price.

In their usual professional, knowledgeable manner, governments around the globe have had some degree of national cybersecurity management effort.

Ok so most of them suck but they are trying.

To protect “us,” they now have the authority to tap phone and computer lines in the U.S. Lots of other governments probably do as well but…who’s going to complain?

Oh sure the Brits are complaining because it is estimated that their images are captured on camera 300 times a day but that’s all in the name of security.

Truth is all that information is gathered and all of the video archived but it’s never looked at.

Privacy and security at every level is important. So important that the business side of “privacy management,” is growing in leaps and bounds.

Figure 6 - Opportunities – But if you’re searching for a new career where your services are always in demand it doesn’t hurt to get a good grounding in online, offline security. Crooks are always there waiting for the unsuspecting. Source – Carnegie Mellon

Across the board, security is the most important capability of today’s social media initiative.

One of the major points of contention though is that in a shared pool outside the enterprise, we don't have any knowledge or control of where the content resides.

Granted, we have a huge body of standards and services that pertain to IT security and compliance. We also have guidelines for governing most business interactions that sorta, kinda apply to stuff that is done in the Web 2.0 cloud.

Ultimately, the user is responsible for maintaining the confidentiality, integrity, and availability of his/her data.

Large and small enterprises are investing millions to protect not only their information but also their customers’ content. But increasingly much of the information exchange is done in the cloud and no one is exactly certain how secure (or how vulnerable) it is in the cloud.

The challenge is the constantly changing environment as Forrest noted, “One day it started raining, and it didn't quit for four months. We been through every kind of rain there is. Little bitty stingin' rain... and big ol' fat rain. Rain that flew in sideways. And sometimes rain even seemed to come straight up from underneath.”

Most people who are really into this security thing say that companies are doing a pretty good job of addressing the content and data security.

Many went to the Andy Grove (Intel) school of security management training, “only the paranoid survive.”

They have pretty good people in charge of their programs and spend a lot of money monitoring things, buying new stuff and…reacting to dangers.

Security managers’ biggest risk is one of the most difficult to address…the idiot sitting at the keyboard.

Figure 7 - Your Users – The major source of organizational security breaches is careless employees. All of the firewalls and security software in the world won’t protect people from their own missteps. Source – Yankee Group

Talking to and training users (especially managers) is a tough, seemingly never ending job. As Forrest said, “Sometimes, I guess there's just not enough rocks.”

Of course for any manager it is pretty tough to resist grabbing a big chunk of a $1.5 M inheritance that belongs to a princess whose father was overthrown/killed. And what can she do with the money? Heck she’s dying of cancer, in the middle of this backward country.

Go for it dude.

Click on that return arrow.

Send over the minuscule information she is asking for. After all, you read the note; she found gawd!!!

What a Deal – When folks pop email offers into your inbox and offer you something for nothing or an opportunity to make a huge profit, you might – just might – want to be a little skeptical. Or not, your choice.

You know what Forrest said… “Mama always said, dying was a part of life.”

Content insider is a regular feature courtesy of Andy Marken

Marken Communications