In-depth

Why the security industry must stop the Edward Snowden scaremongering

Davey Winder argues that it's time for the security industry to stop fixating on the Edward Snowden's revelations

An email arrived in my inbox this week with the 'revelation' that Dropbox had complied with 268 law enforcement and government agency requests since January 2014.

Of those, only 91 of the customers concerned were informed regarding the legal process leading to this examination of their data. So far, so interesting, although not particularly surprising, as this kind of data privacy issue has been big news ever since the first trickle of Edward Snowden leaks began last summer.

Hanging the key management argument on the spy scandal hook is becoming increasingly dangerous. The more people read this reasoning, the less impact it has and the less likely they are to take it seriously.

It was also no surprise the email then went on to warn me that "many other cloud and data storage providers are receiving these kinds of requests every day," and - here comes the PR payload - there is "a way for cloud providers to extricate themselves from being in bed with the Feds."

Advertisement
Advertisement - Article continues below

That route involves customer-managed encryption keys.

While I happen to think that retaining control over encryption keys is a very good idea indeed, and have explained why very recently over at our sister publication Cloud Pro, I don't think it's all about Edward Snowden, Big Brother or the FBI knocking on your data storage door with a feather either.

Hanging the key management argument just on the spy scandal hook is, in my opinion, becoming increasingly dangerous. Mainly because the more people read this reasoning, the less impact it has and the less likely they are to take the matter seriously.

The real argument has more to do with due diligence, regulatory compliance, accidental data leakage and organised crime than anything else. Focusing on those arguments are far more likely to lead to change within the enterprise cloud security mindset.

I've been as guilty as anyone of suffering from OSS, AKA Obsessive Snowden Syndrome. However, it's time to stop.

There are far too many vested interests for it to continue, and I include myself and the rest of the technology media here, along with the primary defendant in the shape of the security vendors.

What Snowden did deserves our collective praise, and the increase of insecurity awareness as a result is important. Now, I would argue is the time to get back to basics and start remembering that it's all about the data. Secure that data effectively, and that includes having control and possession of your encryption keys, and you can ignore the hyperbole.

Featured Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now
Advertisement

Recommended

Visit/security/29204/how-can-you-protect-your-business-from-crypto-ransomware
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019
Visit/back-up/29084/how-to-enhance-your-backup-strategy
backup

How to enhance your backup strategy

10 Oct 2019
Visit/data-loss-prevention/28864/data-recovery-why-is-it-so-important
data recovery

Data recovery: Why is it so important?

9 Oct 2019
Visit/security/29068/is-your-company-taking-enough-accountability-on-cybersecurity
Security

Are you taking enough accountability on cyber security?

14 Jun 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Visit/strategy/28115/the-pros-and-cons-of-net-neutrality
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Visit/domain-name-system-dns/34842/microsoft-embraces-dns-over-https-to-secure-the-web
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
Visit/social-media/34844/can-wikipedia-founders-social-network-really-challenge-facebook
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019