The Struggle For Both Privacy And Security

A digital padlock. Security, privacy

Ian McEwan, VP EMEA, Egnyte, examines the difference between privacy and security, and how we can achieve both

In today’s digital age we’ve been forced to trade in elements of our privacy for more convenient communication and collaboration.

As a result what we have historically understood as our right to privacy is now in question. We’re faced with a number of new challenges: governments who want unfettered access to our personal data, corporations who would use our personal information to sell us goods and services and on the other end of the spectrum individuals or organisations with malicious intent.

With the recent collapse of the “Safe Harbour” agreement the topic of encryption has moved, from conversations in the server room to lawyers in international courtrooms.

invasion of privacyWhile it may seem like these issues erupted out of nowhere, experts in the security field have been cautioning lawmakers about the inability of legislation to keep up with the pace of innovation for some time. The tipping point was a case brought against Facebook by an Austrian law student who argued that the privacy of Europeans was violated when it was suggested that Facebook cooperated with the National Security Agency. Ultimately the court concluded that U.S. laws did not offer sufficient protection against government agencies – thus invalidating the Safe Harbour agreement.

One of the major pain points is the polarity of the United States and Europe in terms of their legal initiatives around privacy and security. In Europe, privacy is viewed as a fundamental right, whereas in the US it can be viewed as a consumer protection issue – an enormous philosophical difference. While many use the two terms interchangeably, there is a difference between privacy and security, but unfortunately confusion continues to reign. Personal information may be secure – but in many cases it’s not private.

The cloud, BYOD and keeping business secure

Large technology firms in Silicon Valley have taken the position that building so-called “backdoors” into software and hardware is not in their customers best interests.

For firms that store and manage business data, it’s a scary proposition. The thought of government or hackers prying into sensitive data is forcing businesses to rethink security and move towards end-to-end encryption.

In this scenario data is fully encrypted and can only be unlocked by the holder of the key. For example, when a company that stores and manages data is compelled to turn that data over to the government, or a hacker steals the data, that data is rendered useless without a key. Thus the data remains safe, as the key ultimately remains in the hands of the individual or organisation.

This level of encryption, once considered extreme, was reserved for the most secure organisations: government agencies, military and financial institutions. However, in our content-rich world, where organisations want to control the flow of content, mitigate risk from hackers and protect data from subpoenas, end-to-end encryption becomes mandatory.

The accessibility of the cloud means people are accessing content from a host of different devices including tablets, smart phones, laptops and desktops. As a result it has created a proliferation of ‘bring your own device’ (BYOD) policies within organisations. This enables employees to have more autonomy, often working remotely on a variety of different devices. Unfortunately, it also means there are more potential access points to company networks for those who would look to exploit vulnerabilities. End-to-end encryption is one of the ways to ensure data reaches its intended destination securely.

What comes next?

Despite the concerns created by recent high profile cases over the rights to our data, cloud computing will still be at the centre of business for the foreseeable future. Businesses will need the agility that the cloud provides, specifically the ability to distribute, share, access and act on information as quickly as possible. For businesses and individuals the promise of the cloud is the promise of enhanced collaboration and productivity in the office and around the globe. However, all the speed and access in the world means nothing if it is creating harmful vulnerabilities. All of the efforts around cloud computing will be in vain if the data involved cannot be fully secured.

Moving forward there are measures being taken to keep up with the rapid innovation of cloud technologies, the most important being Safe Harbour’s re-birth in the form of Privacy Shield. This new transatlantic agreement brings promise of more oversight of bulk data collection and gives Europeans tools to have complaints addressed. While this will ideally lead to greater transparency and accountability, it is our responsibility to do everything in our power to protect the privacy and security of our data.

How much do you know about famous hackers? Try our quiz!