You don't have to read the news or keep up with latest tech trends to be fully aware that many parts of daily life - the way we work, shop, travel and communicate - have all massively improved thanks to technology. Look no further than services like Uber, Shyp, Slack and Airbnb as examples of services that have enriched our lives in ways we hadn't imagined possible, fixing things we didn't even know were broken. But user-driven technology has progressed so rapidly that it has significantly outpaced technology's own ability to keep data protected from misuse and guarded from cyber vulnerabilities. And trust me, data is being collected all the time (as witnessed in the Iggy Azalea leak). A lack of reliable security is the price we've paid for this eruption of amazing new cloud-based services and keeping vital data out of the wrong hands is an uphill battle.
Anyone who tells you that your data is secure today is lying to you. The state-of-the-art that is cybersecurity today is broken. There must be a better way. But don't lose hope, there is.
There's no reversing the cloud and mobile technology revolution, but businesses live and die by protecting the information those services produce. Simply put, yet often overlooked, we need a better way to secure our most valuable assets.
Your data will escape: The “corporate boundary” is dead.
CIOs today need to adopt an entirely new security philosophy – one that hinges on the fact that your files and information will be everywhere. This is an innate part of our modern operating system and the price we pay for the benefits of the cloud. If we come to terms with this concept of a disappearing boundary, the way we tackle security takes on a wholly different approach and is much easier to wrap our arms around. If we can build a new security approach from the ground up based on the premise that data will escape, and are then able to secure everything no matter where it is, we end up debunking the concept of the “leak” entirely.
That's why my biggest frustration coming out of the recent Sony and Anthem hacks is companies opting for reactive solutions to fortify firewalls and secure siloed tunnels of information. For example, there was a major uptick in company-wide email-deletion policies in the wake of the Sony attack. Now that's just dumb. Those are band-aid strategies that fail to address the heart of the problem.
Just because security is visible, doesn't mean it works.
When the boundary is no longer the determinant of what's secure and not, the focus shifts to the relationship between people and disparate pieces of data. Maintaining a level of security in a boundaryless world means security and policy follow exactly what you're trying to protect in the first place — the data. In fact, a recent article in Harvard Business Review nodded towards the need for this change and begged the question, “If data is money, why don't businesses keep it secure?” Sony has already sunk a whopping $15M in response to its breach, but the glaring business impact of security is not just seen in the aftermath.
Usable security, where users can choose how they want to access, store and share data, can only be made possible by providing a seamless user experience, so security is integrated into the daily work of everyone. A great user experience is one major obstacle security vendors (and arguably, all enterprise services) have yet to conquer. If we can do it, we will move away from panic-inducing scare tactics used to encourage adoption, and instead empower users with a solution they actually like to secure data.
Does your company have data? Then you need to become a security company.
In 2013, reporters, businesses and analysts all proclaimed that every company had become, or was quickly becoming, a technology company judged on its ability to make sense of data and intelligently respond. In the years to come, every company will become a security company – and will only be as great as the security infrastructure protecting its data. That's because today, as almost all nooks and crannies of our lives are digitally tracked and analyzed, data has become human.
In order to be a security company, enterprises need to rethink a few things. First, users have to be in control of their data at any given point in time and should be able to revoke access when they want by utilizing familiar technology. They should have complete peace of mind that their data truly stays theirs. Second, in a cloud and mobile world there are no real controlled end-points anymore, unless we want to take a step back into the stone ages. And third, the firewall model is broken and trying to extend the perimeter out simply doesn't work anymore. It's about protecting the information, wherever it is, and not about locking everything down where it's hard to access, use and share for your employees and partners.
Bringing this full circle, I am unapologetically optimistic about the turning point we've reached. We've entered a new stage in technology where information-sharing and collaboration are more ubiquitous than ever. If we're going to move forward with successfully securing information in today's mobile, cloud-driven world, we must embrace an entirely new approach – one that accepts that leaks will happen, one in which users rule and one where every company is a security company – and work from there. If you think about it, a porous perimeter can actually be an exciting thing.
Ajay Arora is CEO of data security company Veradocs. Follow him on Twitter @ajayarora.