Innovation In Security: It's All About Trust

from the who-do-you-trust? dept

This post is part of an Intel-sponsored series of posts we'll be doing here at Techdirt on the topic of innovation. Posts in the series consist of a video interview of myself (which you'll see below), the post, and another video interview with an Intel representative and others. That second video, obviously, is content from Intel, but my video and what I've written here was done with complete and total editorial independence. We hope you enjoy the content and take part in the overall discussion, either via the comments or through the interactive ad unit to the right of the post.

Security is a touchy subject, these days. There's a fine line between legitimate security concerns and blatant fear mongering, but there's no doubt that security, in general, is an important subject. One key point that I think too often gets lost in the discussions around security is the question of trust. First up: the short video of me discussion a bit about security today: Trust is one of the key elements of security, and while I only really had a chance to discuss it briefly at the end of the video, it is something that deserves a bigger discussion. After all, the "strongest" security in the world from an untrustworthy party isn't any security at all. I've been thinking more and more about this now that "cloud" storage has become a bigger issue. There are some out there who think that cloud storage means that you have "less" security, since your data is "out there." And, in some cases, that might be true. But, consider this: if you store the data yourself, you're responsible for your own security, and you might not be nearly as good as whoever is on the security team at the cloud storage provider.

Of course, there are also different factors at play here. If you do it yourself, you're likely a smaller target than a larger cloud provider, but that doesn't mean you're not a target. As the video below notes, you either you know you've been attacked, or you've been attacked and you just don't know it. Point being: everyone's a security target. Relying on the fact that you're not big enough to be a target is a naive game to play. So, if we're to accept the idea that cloud storage may be important, the security chops of the crowd storage partner you're working with becomes key. And that's where trust is important.

Suddenly, "trust" becomes almost as, if not more, important than the type of the actual security. When you hand off your security to someone else, its almost entirely based solely on trust. Unless you're directly a security professional who is going to dive in and fully test the technology itself, most people (and many organizations) aren't making their security decisions based on whose security is "best," but on which company they trust the most not to screw things up.

Based on that, I'm often surprised at how little some security companies do to really build up and keep that trust. Too often it feels like security vendors focus just on the nuts and bolts. Obviously that's important, and having good technology is always going to be a major component of trust. But it has to go beyond that as well, showing how responsive and clear a firm is about security issues.

Trust has filtered through into a number of different tech categories, but it still seems to be something that many overlook. In the next few years, I fully expect that to change, as more and more companies seek to play themselves up as the "trustworthy" partner in security.

Below is the Intel video discussing computer security today

Filed Under: innovation, security, trust