Why the security industry must stop the Edward Snowden scaremongering
Davey Winder argues that it's time for the security industry to stop fixating on the Edward Snowden's revelations
An email arrived in my inbox this week with the 'revelation' that Dropbox had complied with 268 law enforcement and government agency requests since January 2014.
Of those, only 91 of the customers concerned were informed regarding the legal process leading to this examination of their data. So far, so interesting, although not particularly surprising, as this kind of data privacy issue has been big news ever since the first trickle of Edward Snowden leaks began last summer.
Hanging the key management argument on the spy scandal hook is becoming increasingly dangerous. The more people read this reasoning, the less impact it has and the less likely they are to take it seriously.
It was also no surprise the email then went on to warn me that "many other cloud and data storage providers are receiving these kinds of requests every day," and - here comes the PR payload - there is "a way for cloud providers to extricate themselves from being in bed with the Feds."
That route involves customer-managed encryption keys.
While I happen to think that retaining control over encryption keys is a very good idea indeed, and have explained why very recently over at our sister publication Cloud Pro, I don't think it's all about Edward Snowden, Big Brother or the FBI knocking on your data storage door with a feather either.
Hanging the key management argument just on the spy scandal hook is, in my opinion, becoming increasingly dangerous. Mainly because the more people read this reasoning, the less impact it has and the less likely they are to take the matter seriously.
The real argument has more to do with due diligence, regulatory compliance, accidental data leakage and organised crime than anything else. Focusing on those arguments are far more likely to lead to change within the enterprise cloud security mindset.
I've been as guilty as anyone of suffering from OSS, AKA Obsessive Snowden Syndrome. However, it's time to stop.
There are far too many vested interests for it to continue, and I include myself and the rest of the technology media here, along with the primary defendant in the shape of the security vendors.
What Snowden did deserves our collective praise, and the increase of insecurity awareness as a result is important. Now, I would argue is the time to get back to basics and start remembering that it's all about the data. Secure that data effectively, and that includes having control and possession of your encryption keys, and you can ignore the hyperbole.
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now