Balancing Privacy, Security and Access


FountainBlue’s July 28 VIP roundtable was on the topic of ‘Balancing Privacy, Security and Access’. Please join me in thanking our executives in attendance and our gracious hosts at Palo Alto Networks. Below are notes from the conversation.

As responsible customers, government officials, executives, vendors, partners, consumers, parents and citizens, we must continually balance the need for convenience and access with the need to remain secure and compliant, and the need to get things done efficiently with the need to protect against malicious and unintended negative consequences.

It becomes increasingly important to do so as technology gives more people access to more solutions, devices and technologies. With the increasing occurrence of alarming security breaches and astounding examples of privacy breaches, governments are implementing policy updates to protect their citizens, corporations are implementing mandates and requirements, and partners and customers, and professionals and consumers are left wondering how to proactively manage their data, their devices, their security.

It’s a fact that leaders in companies and governments and households have a larger view of the impact should there be breaches in security and privacy. However, should mandates, policies, devices and other limitations on usage and access become too inconvenient for those under management, they may be less cooperative, less compliant, as their focus is more on getting something done, and not necessarily on what the implications are should a risk actually be realized.

It’s clear that companies are required to track, manage and enforce regulations and policies, but it’s also clear that they must proactively secure themselves and their staff and proactively communicate about any compromising hacks. Companies are also required to track staff information, and to be able to report information which is to be retained by the company even after a staff member’s departure. It’s also incumbent upon the staff member to ensure that private information remains private – not on company cloud or e-mail for example.

The trick is to align all the stakeholders to agree on the larger goal – to get things done while minimizing associated risks around security breaches. It takes a combination of mandates and policies and cooperation between all parties to successfully and proactively manage that balance. 

Equally important is the ability to provide customers what they need, and even anticipate their needs, while also complying with the privacy and security requirements of the companies and the governments involved.

There’s a clear up-side to collecting data – products and services would be more customized to personal needs and preferences. It’s great when that happens as it saves people time, but there’s also a nagging ‘big brother’ feeling if the predictions are intrusive, if they are wrong, if they force customers to do something they didn’t sign up for…

Change is happening quickly, and many are weighing in to influence policies and directions as there are business, political and social implications. For example, many eyes are on the EU and the May 2018 decision for the GDPR, even for those who aren’t European residents/EU members.

I’ll conclude with a comparison mapping this balancing act with driving. 

  • Within the US, drivers know what the speed limits are, how to drive, which side of the road to drive on, how to obey signs and signals. Although accidents and problems happen, it generally works.
    • But cars are able to go much faster than the speed limit, and drivers can generally do so without negative consequence unless there’s a ticket or an accident. Similarly, staff members may know that they shouldn’t keep private information on the company cloud, and many may do so without negative consequence, unless there’s a privacy breach.
    • Traffic rules and protocols vary outside the country and even between cities. Similarly, security and privacy policies vary across companies and countries.
  • For driving, the rules and protocols are much clearer, more accepted, more established, more supported through documentation, etc. But the rules around balancing privacy, security and access are not at all clear in many circumstances. Thus we are all feeling our way through the many variables, trying to align all the motivations involved for all the players.

It’s a complex time with many factors and many leaders and companies weighing in as this balance impacts our daily work and home lives. 
