During a dinner held in partnership with Code42, Nimbus Ninety members discussed information security and digital workplace culture.
Data is everywhere. This is precisely the problem.
Complex modern-day digital systems contain high levels of vulnerability. Multiple parties enter and leave the system; and data is ubiquitous, strewn messily across storage systems with complex schemas to establish who can access what.
In this environment, data breaches can go unnoticed, and can come from the inside. The threat is more real than before. Concerns surrounding the unknown grow faster than data protection software improves. Those tasked with securing data must more vigilant than ever.
Workplace culture: Retaining productivity
When heavily done, security checks hinder workers from doing their jobs. Two-factor authentication to access a Gmail account sounds perfect in abstract, but doesn’t stand the stress. What happens when the user has no phone battery, or no signal?
Modern-day information security has become a case of jumping through hoops, to prove that you honestly, genuinely, really, are who you say you are. It’s an identity issue.
In an age where the security of chip-and-pin is foregone for the convenience of contact-less, this is a cause of frustration. Friction, it seems, is what you add to guarantee security.
But must it be that way?
Dimensions of security: getting past the gatekeeper
One view is that the problem is humans: the species which grew up in fortress-towns is inclined to build data protection systems like a fort. But designing the whole architecture of a system around security needs, and introducing roadblocks, is not a luxury which security officials have in a modern digital “town”.
Rather, data ubiquity means multiple dimensions. There is no longer one treasure chest locked behind a one-doored fortress; there are thousands of gold coins floating through a multi-dimensional digital cosmos. More like security cameras, security means careful observation to find unusual behaviour without impeding the day to day movement of people and goods.
Simultaneously, it’s vital that we don’t forget the more human and physical aspects of information security. The potential damage of the wrong person overhearing an important phone call made in public, is just as threatening as a hacker stealing that information in its digital form. In our increasingly digital culture, it has become all too easy to slip into complacency in the real world.
Information security is just as much about encouraging the right human behaviours as it is about building formidable cyber-protection digitally. The weakest link in the entire structure of digital security is found in the human. Attacks happen through humans; the tech is incidental.
What makes data valuable?
Data ubiquity means not only that it exists everywhere, but it’s integrated with other data everywhere too. No piece of data has any value in isolation: and schemas which attempt to assign value per datum therefore fall between “flawed-but-pragmatic” and useless.
Data valuation requires pinpointing the intersection of each datum with all other pertinent data – and aligning this with several other determinants. Competitor threat, severity of consequence of the data’s loss, and the potential outcomes of the data’s processing - all play a role. All of those require knowledge which can only be acquired in retrospect.
Crucially, to someone, somewhere, in context, an innocuous datum can hold enormous value. For example, employee bank details hold no inherent value to the employer. They are simply a means for economic transaction. However, the potential damage that could be done if the same seemingly unimportant data got into unsavoury hands makes this data a high security priority.
From a security perspective, a guiding principle might be to assume value of the data at the outset.
Consumer culture: ethical progress?
The GDPR-induced scramble to improve data security brought in a new aspect to the discussion around information security: transparency and trust.
Creating a base standard of security, GDPR raised the expectations of customers and grew the expectation of transparency. Although seen as a huge inconvenience to data processors all over Europe, the new legislation benefits the entire economy in ensuring that a trusting relationship with consumers is standardly assumed – no longer just an added USP.
There has been a shift in momentum towards building relationships, with a strong sense of responsibility towards customer data. Now, any package regarding securing data must include data ethics.
But this also benefits companies. As a structure is built around customer trust, huge value can be found in the resulting edifice. Just as when a friend enthusiastically recommends a particular sandwich shop down the road, advice and information given in a trusting consumer-business relationship will be far more readily accepted.
Contrary to the widespread irritation it has caused in the marketing teams of the nation, GDPR is slowly but steadily reinstating an atmosphere that prioritises trust.
The digital workplace, with all its challenges, is a more positive landscape than it was two years ago, as information security enters a new era. The intention to wholeheartedly enter a multi-dimensional data world, which both engenders risk and mitigates it, is widespread.
The need to implement those principles effectively remains.
This dinner was held in partnership with Code42. Code42 guarantees data availability and security for its clients. The dinner took place at City Social in Tower 42 on 17 October, and was free for attendees.