Privacy And Trust – Part 4
Mention the word trust and many people immediately think of security. We hear so many negative questions about Internet security. Is it strong enough? What will happen to my credit card number? What about hackers? We would like to implement this or that application but we can’t because of ?security?. The list goes on. This is one area where some ?old fashioned? attitudes are actually healthy. Security is critical and needs to be taken very seriously — but not in a restrictive sense. In fact the question that business and government leaders should be asking is about how security on the Internet can become the enabler of global commerce, the enabler for enabling people to control the email they get, the enabler for more secure and efficient processing of healthcare information, and the enabler for trusted transcations.
Internet Security – the glass is half full not half empty
In one sense, the Internet is actually completely insecure. It is similar to a “party” telephone line (for those old enough to remember them) where multiple parties are actually sharing the same network. You might pick up a “party” phone line and find out your neighbor is already using it. The Internet is a shared network also. Our emails, web pages, and VoIP telephone calls are broken up into “packets”, containing 5,000-10,000 zeroes and ones each, and the packets travel through the air, cable, copper wire, or the power grid hopping between specialized computers called routers to get from their origin to their destination. A clever “snoop” could use various “sniffers” to “listen” to the packets and if they are very clever assemble them back into the email, web page, or conversation.
Enter encryption technology; one of the most powerful technologies on earth. Using very sophisticated mathematics, the contents of packets can be scrambled (encrypted) in such a way that only the intended recipient is able to unscramble (decrypt) the packets. Millions of people have discovered that this technique has enabled them to put their credit card number into a secure web transaction in a way that only the server at the other end is able to read it. In fact more and more people are realizing that their credit card number may be safer on the Internet than it is when they give it to a total stranger over a toll free number or to a waiter in a restaurant. The “strength” of encryption is incredible. There is no known case of anyone “breaking” full strength encryption or even a practical theory for how to do so. At some point in the future there may be some combination of people, networked computers, and schemes that will enable information encrypted with today’s technology to be decoded but by then the strength of the encryption technology will have advanced even further. The bottom line is that using encryption enables us to do things very securely using an insecure network.
It’s not the technology
The real issue with regard to Internet security has to do more with policy and procedures and these in turn have to do with attitude. I spoke with a group of CEO’s recently and one of them asked me what a firewall is? I said, well that’s a specialized computer that stands between your company and the Internet, and it allows your employees to be able to go out to the Internet and see what’s out there. It also allows the other 500 million people out there to come into parts of your business you don’t want them to come into if it isn’t set up and managed properly. By the way I asked, “Do you know the state of the morale of your employee who administers your firewall”? When did they get their last salary increase? Are they a disgruntled employee? There are many other questions to be asked such as what are the company audit procedures for checking on network security. The same set of questions need to be answered by consumers. There are numerous security features available but most people are not aware of them. Most people would never leave their home for a weekend without making sure all the doors and windows are locked, yet many of those same people leave with their computer turned on connected to the Internet via a cable or DSL modem and with no firewall protecting them. As more and more homes begin to connect their home network to various entertainment systems and appliances, the vulerability increases.
Most security breaches are not failures of technology. They are failures of process, procedure and, audit. As the world gets more and more connected, the need for improved security will increase. The technology is available and there are many experts for hire to help implement it. Most companies and consumers to do not spend enough time and resources to take advantage of what is available. Internet security should not be feared – it should be embraced. The right attitude will not restrict the opportunities but in fact will enable more opportunities and enable them to be handled in a more secure manner.