In-depth

Why the security industry must stop the Edward Snowden scaremongering

Davey Winder argues that it's time for the security industry to stop fixating on the Edward Snowden's revelations

An email arrived in my inbox this week with the 'revelation' that Dropbox had complied with 268 law enforcement and government agency requests since January 2014.

Of those, only 91 of the customers concerned were informed regarding the legal process leading to this examination of their data. So far, so interesting, although not particularly surprising, as this kind of data privacy issue has been big news ever since the first trickle of Edward Snowden leaks began last summer.

Hanging the key management argument on the spy scandal hook is becoming increasingly dangerous. The more people read this reasoning, the less impact it has and the less likely they are to take it seriously.

It was also no surprise the email then went on to warn me that "many other cloud and data storage providers are receiving these kinds of requests every day," and - here comes the PR payload - there is "a way for cloud providers to extricate themselves from being in bed with the Feds."

That route involves customer-managed encryption keys.

While I happen to think that retaining control over encryption keys is a very good idea indeed, and have explained why very recently over at our sister publication Cloud Pro, I don't think it's all about Edward Snowden, Big Brother or the FBI knocking on your data storage door with a feather either.

Hanging the key management argument just on the spy scandal hook is, in my opinion, becoming increasingly dangerous. Mainly because the more people read this reasoning, the less impact it has and the less likely they are to take the matter seriously.

The real argument has more to do with due diligence, regulatory compliance, accidental data leakage and organised crime than anything else. Focusing on those arguments are far more likely to lead to change within the enterprise cloud security mindset.

I've been as guilty as anyone of suffering from OSS, AKA Obsessive Snowden Syndrome. However, it's time to stop.

There are far too many vested interests for it to continue, and I include myself and the rest of the technology media here, along with the primary defendant in the shape of the security vendors.

What Snowden did deserves our collective praise, and the increase of insecurity awareness as a result is important. Now, I would argue is the time to get back to basics and start remembering that it's all about the data. Secure that data effectively, and that includes having control and possession of your encryption keys, and you can ignore the hyperbole.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

NSA issues guidance on encrypted DNS usage
Domain Name System (DNS)

NSA issues guidance on encrypted DNS usage

15 Jan 2021
NSA warns smartphone users of ‘large scale data tracking’
privacy

NSA warns smartphone users of ‘large scale data tracking’

5 Aug 2020
Hundreds of thousands of Instacart customers impacted by data breach
phishing

Hundreds of thousands of Instacart customers impacted by data breach

23 Jul 2020

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
UK exploring plans to launch its own digital currency
digital currency

UK exploring plans to launch its own digital currency

19 Apr 2021