The U.S. Senate is currently evaluating a bill that would require companies to break encryption under a court order. There is much controversy around this bill; in fact, several organizations have already spoken out against it, including the CTA.
Last week I participated in a panel discussion at INCOMPAS in DC on this critical subject of security v. privacy (as covered by Light Reading) and what it means for carriers. While there, I met with many MSOs and Regional LECs about their businesses to talk about the issues they face today.
At its heart, this issue is not only relevant to how companies secure their data; the bill potentially threatens the validity of all forms of cyber security. It is truly a societal question: is the government’s drive to protect its citizens from threat greater than every individual’s right to privacy? My colleague Carl Herberber expounds on the need for national privacy laws in a recent TechCrunch article. Instead, we see bills that look to further strip organizations and individuals of their privacy.
In addition to the discussion about the FBI’s case against Apple to break their own encryption algorithm, we had an informative discussion about layers. There appears to be a misconception amongst the executive audience that there is a “one-size-fits-all solution for all security problems, a magic pill that once taken would inoculate your business against all security threats.”
This is a dangerous misconception. You see, security is like a series of layers or filters that filter water. Each successive layer or filter removes smaller and smaller rocks until the last filter leaves pure water. Your business and where your threats emanate from determine the applicable filters and therefore what systems to put in place. These start with things like two-factor authentication and risk-based authentication, moving to antivirus and antimalware, then to DDoS protection, data encryption, mobile malware and advanced persistent threats.
Understanding your business and where threats can emanate from is the critical first step to putting the correct layers in place, and it’s more effective than a magic pill. Carriers are starting to understand that there are multiple risks they must protect against, including network and application threats inbound from the internet, rogue handsets launching attacks from inside the mobile network, and ransomware targeting their enterprise customers. It’s time to put all the layers in place.