Innovation In Security: It's All About Trust

from the who-do-you-trust? dept

Wed, Nov 23rd 2011 2:57pm — Mike Masnick

This post is part of an Intel-sponsored series of posts we'll be doing here at Techdirt on the topic of innovation. Posts in the series consist of a video interview of myself (which you'll see below), the post, and another video interview with an Intel representative and others. That second video, obviously, is content from Intel, but my video and what I've written here was done with complete and total editorial independence. We hope you enjoy the content and take part in the overall discussion, either via the comments or through the interactive ad unit to the right of the post.

Security is a touchy subject, these days. There's a fine line between legitimate security concerns and blatant fear mongering, but there's no doubt that security, in general, is an important subject. One key point that I think too often gets lost in the discussions around security is the question of trust. First up: the short video of me discussion a bit about security today: Trust is one of the key elements of security, and while I only really had a chance to discuss it briefly at the end of the video, it is something that deserves a bigger discussion. After all, the "strongest" security in the world from an untrustworthy party isn't any security at all. I've been thinking more and more about this now that "cloud" storage has become a bigger issue. There are some out there who think that cloud storage means that you have "less" security, since your data is "out there." And, in some cases, that might be true. But, consider this: if you store the data yourself, you're responsible for your own security, and you might not be nearly as good as whoever is on the security team at the cloud storage provider.

Of course, there are also different factors at play here. If you do it yourself, you're likely a smaller target than a larger cloud provider, but that doesn't mean you're not a target. As the video below notes, you either you know you've been attacked, or you've been attacked and you just don't know it. Point being: everyone's a security target. Relying on the fact that you're not big enough to be a target is a naive game to play. So, if we're to accept the idea that cloud storage may be important, the security chops of the crowd storage partner you're working with becomes key. And that's where trust is important.

Suddenly, "trust" becomes almost as, if not more, important than the type of the actual security. When you hand off your security to someone else, its almost entirely based solely on trust. Unless you're directly a security professional who is going to dive in and fully test the technology itself, most people (and many organizations) aren't making their security decisions based on whose security is "best," but on which company they trust the most not to screw things up.

Based on that, I'm often surprised at how little some security companies do to really build up and keep that trust. Too often it feels like security vendors focus just on the nuts and bolts. Obviously that's important, and having good technology is always going to be a major component of trust. But it has to go beyond that as well, showing how responsive and clear a firm is about security issues.

Trust has filtered through into a number of different tech categories, but it still seems to be something that many overlook. In the next few years, I fully expect that to change, as more and more companies seek to play themselves up as the "trustworthy" partner in security.

Below is the Intel video discussing computer security today

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: innovation, security, trust

5 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

A Guy (profile), 24 Nov 2011 @ 1:59am

I couldn't get the video to load, but maybe it's just me. For storage, I think it's easy to figure out whom to trust. If they say "I will store all your information but I may look at it and sell statistics about you to everyone else" they are not worth trusting for anything beyond funny emails and reminders to call your mother.

If they tell you "I will give you storage space and the tools to encrypt your information that you may use at your discretion," they may be worth trusting for more sensitive information.
[ link to this | view in chronology ]
- btrussell (profile), 24 Nov 2011 @ 7:01am
  
  Re:
  Both videos played for me.
  
  FF8 on PCLinuxOS
  [ link to this | view in chronology ]
- John Fenderson (profile), 13 Feb 2012 @ 1:49pm
  
  Re:
  "I couldn't get the video to load, but maybe it's just me."
  
  Not just you. For a while now, about 1/3rd of the videos posted here don't work for me, including these.
  [ link to this | view in chronology ]
TtfnJohn (profile), 24 Nov 2011 @ 9:24pm

They both worked for me too. The ideas are valid though, sadly, it'll take a lot of time before I buy a security product labelled MacAfee again given the mess it's made of my machines in the past.

An illustration of the trust thing. Even if Intel now owns them.

FF8 on Mandriva PWrPack 2011 as long as we're gonna start keeping score :)
[ link to this | view in chronology ]
- John Fenderson (profile), 13 Feb 2012 @ 1:56pm
  
  Re:
  Disclaimer: I work for McAfee, but these comments are all my own.
  
  I suggest that you use whichever product works for you. However, do be aware that all such products, regardless of who makes them, are incredibly intrusive by necessity and there will always be certain combinations of hardware/software that will cause problems. We gain as many customers from our main competitor as we lose to them, because of this problem.
  
  It's a bit unfair to claim a security vendor is untrustworthy or bad as a blanket statement because their product fails on your system. Also, we rely heavily on customers reporting these problems to us so we can address them in future versions. So even if you never go back to McAfee again, you'd be doing everyone a favor by reporting the issue.
  [ link to this | view in chronology ]