I talked about Security Protocols before it was cool: What happens when culture and security collide?
On March 10, 2014, attendees of the music, film and interactive conference and festival South by Southwest (SXSW) crammed into two overflowing rooms for what many would later claim to be the most talked about event of the show. Former NSA contractor Edward Snowden addressed the SXSW audience via videocast from Russia and answered questions submitted on Twitter.
Moments such as these signal a new age, one where security is cool and non-technical conferences invite polarizing figures like Julian Assange and Snowden to be “edgy.” Are these events truly bringing security issues to the forefront of the minds of everyday Americans or causing chaos? Dinner conversations across the country now include discussions around many topics that average users just don’t understand. As security professionals, we have been discussing these questions in depth and with deep knowledge of the issues at the RSA Conference for years. We have an obligation to help set the record straight in every exchange and with a simplified approach
Let's shift a bit to another ongoing “culture and security clash”—the security of tech wearables such as Google Glass and the increasingly popular household technology gizmos such as Nest thermostats, computer-equipped refrigerators, and even scarier…smartcars. Everyday citizens globally need to make sense of just what security means to them and how far their comfort zone extends.
Breaches of trusted retailers such as Target, eBay and Neiman Marcus to name just a few have only reinforced consumer concerns, not to mention those of executives and boards at said companies. All industries rely on technology so developers are beginning to take notice of this “awakening.” Not only are tech companies like Google bolstering their own internal security measures to protect user information from prying government eyes, they are also addressing these concerns by developing new customer-facing offerings such as Google’s recently announced End-to-End encrypted email service. A step in the right direction? Yes. But there is still a long way to go.
So what does this new age of security enlightenment mean for us as security professionals? It is our responsibility to come together as a community, from both the public and private sectors and do what we do best. We need to challenge the norms, seek innovative solutions and continue the lively discourse and debate that began at the 2014 RSA Conference. The debate will continue to occur on RSA Conference blogs and at RSA Conference Asia Pacific & Japan and other events scheduled for 2015.
Unfortunately, breaches will continue to occur, so companies who are delivering consumer products cannot—and should not—bring them to market with security as a secondary consideration. More and more tech companies need to hop on the encryption and security bandwagon and make sure security is part of the development process from the start….not an afterthought.