from the who-do-you-trust? dept
Security is a touchy subject, these days. There's a fine line between legitimate security concerns and blatant fear mongering, but there's no doubt that security, in general, is an important subject. One key point that I think too often gets lost in the discussions around security is the question of trust. First up: the short video of me discussion a bit about security today:
Of course, there are also different factors at play here. If you do it yourself, you're likely a smaller target than a larger cloud provider, but that doesn't mean you're not a target. As the video below notes, you either you know you've been attacked, or you've been attacked and you just don't know it. Point being: everyone's a security target. Relying on the fact that you're not big enough to be a target is a naive game to play. So, if we're to accept the idea that cloud storage may be important, the security chops of the crowd storage partner you're working with becomes key. And that's where trust is important.
Suddenly, "trust" becomes almost as, if not more, important than the type of the actual security. When you hand off your security to someone else, its almost entirely based solely on trust. Unless you're directly a security professional who is going to dive in and fully test the technology itself, most people (and many organizations) aren't making their security decisions based on whose security is "best," but on which company they trust the most not to screw things up.
Based on that, I'm often surprised at how little some security companies do to really build up and keep that trust. Too often it feels like security vendors focus just on the nuts and bolts. Obviously that's important, and having good technology is always going to be a major component of trust. But it has to go beyond that as well, showing how responsive and clear a firm is about security issues.
Trust has filtered through into a number of different tech categories, but it still seems to be something that many overlook. In the next few years, I fully expect that to change, as more and more companies seek to play themselves up as the "trustworthy" partner in security.
Below is the Intel video discussing computer security today