Being a security consultant sometimes feels like spouting doom-laden prophecy in a deserted wilderness. However much we try to find silver linings in the threatening rainclouds and present security measures as part of competitive advantage, people don’t really want to hear what we have to say. We don’t much like having to say it, either. If only everybody would play nicely, we wouldn’t be needed.
So let us all thank Edward Snowden and Lord Leveson. It took the revelation that everybody is spying on everyone else, and particularly that we’re being spied on by our friends, to make the world sit up and take notice. I find it a little odd that people who’ve spent years pooh-poohing the threats from malware, hackers, disgruntled staff and unscrupulous foreign powers finally give a damn when it comes to their privacy being invaded by the CIA and (allegedly) the fourth estate.
I saw three news stories today that bore this out:
The Swiss are building a purely local cloud service, with jurisdictional certainty (knowing where your data is) and a presumption of immunity from surveillance by foreign powers. Brief commercial: DesktopLive, the cloud service from Managed Networks (the company I run as my day job) has been purely UK local since 2006, offering jurisdictional certainty and freedom from surveillance and hackers since before anyone realised they should care about these things.
The government is making ministers and staff put their tablets and phones into lead-lined boxes to ensure the security of meetings. No more checking your Twitter feed under the table during the boring bits, then. Presumably in another couple of years they’ll think about securing the data on those devices, and mitigating the BYOS risks. Eventually they’ll connect the dots between security risks and the fact that ministers are using personal (read: US-based cloud service) email accounts for State business. FOI exposure ain’t the half of it.
HP are – in what looks a bit like Schadenfreude – telling the world that Apple is doomed to failure in the corporate world, because IT managers lack central control over iPads. I think I may have covered this before… The point of course is not the device per se, it’s the services attached to it. Windows 8 tablets make more sense from a business perspective because they integrate more directly with existing internal services. But no-one is going to buy one for personal use, so business leaders had better choose between security and capex.