Think Information. Think Security.
David Jeffers over at PC World has an article up about why convenience is the enemy of security. Jeffers's premise is: "tools that make your life more convenient also tend to make it less secure. Technologies that make you more secure are also generally inconvenient." Jeffers uses the case of passwords as an example. Enforcing strong password policies can be burdensome and, yes, inconvenient. Using biometrics like facial recognition and fingerprint match can be fooled. He advocates two-factor authentication as an alternative if it's not too inconvenient.

Using password manager  for keeping track of strong passwords from all of the different sites is rapidly moving beyond the capabilities of the average human. He's much with facial recognition or perhaps voice or some other unique identifier for  convenience and security. Facial recognition, for instance. The use of own laptop, nothing stops a person from using a picture of someone. For that matter, what stops someone from cutting off a finger or cutting out an eye to use it to fool fingerprint or retina recognition.

The problem is that security is an afterthought with many of these tools. If security was built in from the design stage on, it would not be a case of feeling that security denied you from doing something or going somewhere. 

If someone said I want to have a social network where people can share information in a secure manner and not be able to download anything malicous, and set out to design such a system,  security people would be out of jobs. But that is not the case. Some of the NoSQL vendors admitted that security would be built in when their customers asked for it as a priority.

So is convienience the enemy of security? Not necessarily. If security is built in by design you really can have your security and convienience too.

Cross-posted from: Network World

Leave a Reply.