“Consumers don’t care about safety and security.”
Even in today’s worried world, where malware or worse is just one click away, the sentiment echoed above is all too prevalent. The problem is that it is just not true… at least outside the realm of technology.
Take, for instance, a car with a five-star safety rating. It clearly has an advantage over a car with a one-star safety rating. Ask any consumer, assuming all other items are equal, and without fail they choose the five-star rating. The same holds true for many products and services when safety and security are part of the “standard build” of the offering. The pleasure of driving a classic car on the road easily outweighs the risks of driving a 1964 model year car with no safety systems other than the archaic seatbelts that would likely break in any accident. Never mind that it is a convertible with no roll bar. As consumers, it is not that we do not care about automotive safety but that we simply have no choice with a vehicle like this. The safety systems were not built in, and it is not as if they can be added.
The user is not only vulnerable but gullible
When it comes to downloading some exciting new app, users so often opt to install it with absolutely no regard to security and privacy. Look at all the Facebook-centric apps that offer to scan your wall and contacts to create some crazy graphic or statistic. Friends left and right will not only like and share it but opt in for the cool app as well, all while ignoring the inherent risks and likely privacy breach.
Computing in its many forms has evolved from something used now and then to a “can’t live without” service. For many years we have had the luxury of ignoring safety and security systems because the loss was just an annoyance, but today it stops productivity, communication, and commerce. The risks have grown incrementally since the advent of the PC in the ’80s but have skyrocketed in complexity and severity since the launch of mobile. The market is long past due for security to be built in. The ongoing relationship between the user and their services/devices sets up a dynamic for security to increase the value of that relationship as well. The simpler yet stronger the security becomes, the more valuable the services that the user takes for granted can be.
Security is no longer someone else’s problem.
The best place to protect information is as close to the point-of-use as possible. The first line of defense today is the application itself. Apps need to take advantage of the most advanced cyber-security controls available. The protection of keys and encryption are a great first step, but what really matters most is the secure creation and consumption of data. Data that is protected end to end and provides the assurance that its integrity and confidentiality are fully intact is critical to the future of computing. The solution exists today with the TEE (trusted execution environment), which provides apps with a safe and secure space to process, present, and transmit sensitive data.
Isolated higher assurance computing capability has been around for many years on servers with highly managed operating environments. Only highly trained operators and isolated known computing in the form of HSMs (Hardware Security Modules) are allowed to process the most sensitive data, assuring that even an admin can’t perform an insider attack. This HSM model is about to come to the client side, with Rivetz providing a new model of computing. The Rivetz solution provides the app vendor an environment where they can trust that keys and sensitive operations are executed in a measurable space. The inherent value of integrating trusted computing directly into the application allows the value of the services to increase exponentially. The result will be simplicity for the user, and the overall value for the network of users will rise. The return on investment grows as the installed base grows.
A strategy to implement security is the new norm
Every application vendor today must have a strategy for building and integrating stronger security into their apps while taking advantage of the unique feature sets that different devices have to offer. Technologies that enhance the user experience with seamless security at the forefront will dramatically increase and protect the value of an installed base of subscribers. Built-in security is no longer an option but a must-have competitive advantage.
Platform hardware security is available in multiple forms today, and yet none has evolved into a new global standard. The result is that app vendors will have to make provisions to support more than one solution on top of the legacy software-only platforms. It is no longer enough to trust the OS vendors to maintain the integrity of the mobile environment. The OS has no liability to their investors or their users if (and sadly more often when) said users’ data is compromised. Going forward, every app must have a strategy to integrate hardware security support lest they be the app that caused the next big data breach.
Image credit: CC by Piers Ford