Cybersecurity: If You Can’t Patch Stupid, Lead by Example
Focusing consumer thinking on the nitty-gritty of securing content represents an important milestone in the convergence of content management and security.
20 October 2014
The always-interesting issue of cybersecurity took an even more interesting turn recently. Apple announced that the new iPhone 6 and iOS 8 will allow a customer to use a private encryption key to secure emails, texts, and content (like those stolen pictures that were in the news recently).
In theory, according to Apple, it would take a colossal supercomputer years to break the code and seize the content in the millions of texts and documents iPhone users are burning up their data plans sending back and forth.
The fact that Apple thinks consumers care about encryption represents an interesting shift in the thinking of the consumer tech world. While, for decades, those of us who focus on enterprise technology (and its users) have been thinking about how to better secure enterprise content, Apple’s move is a rare example of what I call the “enterprization” of the consumer. And it’s a move that’s been a long time in coming.
Awakening the Consumer to Security
Focusing consumer thinking on the nitty-gritty of securing content represents an important milestone in the convergence of content management and security. And not just for the consumer. Whether we’re talking consumers or enterprise users, the one thing cybersecurity experts agree on is the saying: “You can’t patch stupid.”
If a consumer or end user isn’t paying attention, or in too much of a hurry — or just plain ignorant — the very best in cybersecurity technology can (and will) be thwarted. You also can’t patch a malicious actor or rogue individual, either — as evidenced by the constant drumbeat of headlines in the last few years.
What the combined impact of the cyber-crimes of human commission (along with the errors of human omission), really points to is that the human element is the weakest link in a chain — make that a web — of technologies and business practices that must mesh together daily. This quotidian set of processes allows businesses to do business, and individuals to do their jobs as employees and consumers, safely and securely.
Human, All too Human
The fact that people are the weak link in cybersecurity (and that Apple is empowering them with a security regime it claims would take the NSA years to breach), gives me hope that the weakest link might be getting a little stronger. Judging by the complaints by the likes of the outgoing Attorney General Eric Holder and FBI head James Comey, there may be some truth in Apple’s claim.
And therein lies a smidgen of hope in the otherwise dismal increasingly out of control world of cybersecurity. Apple isn’t just a purveyor of technology: It’s a leading lifestyle brand, with a huge cultural influence on consumers worldwide. Placing that cultural clout in the service of raising awareness about the cybersecurity of smartphone content could go a long way. In the end, this could shift the consumer’s laissez-faire attitude about cybersecurity towards something a little more proactive.
Enterprises: Time to Learn from Consumers?
That shift could have a profound impact on the enterprise, as well. Lately, the dominant cultural flow has been from consumer to the enterprise — that famous “consumerization” of the enterprise phenomenon. And with it has come a host of bad practices and utter insanity about what constitutes security and privacy in the enterprise. That other famous phenomenon of bring your own device (BYOD) has been a major enabler of many of those “stupid” acts that cybersecurity experts can’t patch.
If Apple’s users were not only alerted to the need for real security — but came to expect it as part of their daily experience, much like they expect all the other aspects of their i-experience to percolate up to the enterprise — then, maybe, patching stupid wouldn’t be an issue any more.
Maybe — just maybe — stupid will stop being stupid and people will stop being the weakest link — and start being part of the vanguard of cybersecurity. And we will have Apple to thank for it.
Good Security Good Business
Of course, Apple has its own motives for boosting security. It realizes its products will be unsellable around the world if it’s perceived to be the handmaiden of the NSA. Putting a barrier like this in front of the NSA and the rest of the U.S. (and global) security establishment turns out to be a good business decision, first and foremost.
I think the NSA can probably crack even Apple’s supposedly un-crackable encryption technology. I wouldn’t underestimate the agency for a second. But honestly, I don’t really care. If the result is that consumers take cybersecurity seriously — and take that seriousness into the enterprise, then we’ve made huge progress in a fight that, without a little enterprization of the consumer, we’ll never have a chance of winning.
Joshua Greenbaum is the Principal of Enterprise Applications Consulting. He has over 30 years of experience as a computer programmer, system architect, author, consultant, and industry analyst. He began his career at the dawn of the desktop publishing and data base markets, and has observed first-hand the evolution of the products and technologies that make up the enterprise applications, content and technology marketplaces of today.