Risk
2/14/2014
10:36 AM

The Snowden Effect: Who Controls My Data?

In today's post-NSA-spying world, the key to providing trustworthy digital services to customers is control coupled with transparency.

Last month, Reuters reported that US tech firms doing business in China, including Cisco and IBM, had experienced significant declines in sales. Several industry analysts suggested that the "Snowden Effect" -- the cascade of events and reports that followed Edward Snowden’s leaks of classified information about NSA surveillance programs -- was a major reason these firms were struggling to sell their services in the world’s second biggest economy.           

When I spoke about the potential impact of Snowden’s spying revelations at a recent panel discussion at Le Web, I was surprised to hear Amazon CTO Werner Vogels say that his company wasn’t expecting to see any consequences. Perhaps he believed that Amazon is simply too big to feel any downside, but I wonder if he’s changed his mind in light of that Reuters report.

A lot of people have been blinded to the true nature of the Snowden Effect by the political outrage surrounding the revelations, especially from world leaders whose own nations are not above a bit of espionage. But for businesses and individuals, mistrust is far more justified, and its target is not confined to government agencies. A broader, more long-term impact of the Snowden Effect is that it forces everyone to ask the question: Who is really in control of my information?

Where once files were on your hard drive or your company’s internal network, now it’s more beneficial to store your information online (in the "cloud," if you must). You can access your work across devices and use file sharing services to distribute material and work online with others from anywhere. But it can also mean you’re no longer in complete control of your information. The Snowden Effect is the catalyst for people to really think about whether the benefits of online storage outweigh the loss of control and to start looking for alternatives to the status quo.

Historically, technological development tends to follow this pattern, where an initial surge of enthusiasm for a new idea is followed by a second wave that gives deeper consideration to wider impacts. Social networks like Facebook and Twitter initially seemed to signal the end of privacy, but today even teenagers are more aware of the potential pitfalls of oversharing and turn to less permanent communication tools like SnapChat.

The second wave
For the online storage and sharing industry, where I am CEO at Hightail, this second wave has now arrived. To be a successful and trusted service, all providers need to offer all customers -- from big businesses to individual professionals -- two important things: control and transparency.

If your favorite news site suddenly shows you articles tailored to your interests, it can feel a little creepy. Aside from some abstract agreement to accept cookies or unreadable Terms and Conditions, you have not explicitly consented to this. Compare that experience with using Flipboard, the magazine app that you choose to connect to your social networks and favorite publications in order to receive personalized content. This isn’t creepy; it’s cool. Giving users control coupled with transparency is the key to providing a service they can trust.

In the file-sharing world, control means giving users options to ensure that shared files don’t find their way into the hands of unauthorized people. Transparency is about knowing what happened to shared files. For individuals it is about who has accessed a file and when. Businesses need to keep track of any company data that’s shared externally.

The Snowden leaks have made companies realize that they may have more to fear from authorized employees than anonymous hackers. To mitigate the risk of sensitive information leaks, the ability to know which files have been shared, monitor activity for suspicious behavior, or block a competitor’s domain, is crucial.

Another key element in providing greater control is ensuring that the process is extremely user friendly. I know a few security-obsessed people who are happy to use byzantine encryption software, but normal people don’t work like that. If a system or product is too complicated, users will find a workaround, whether that’s propping open a door because the six-digit keycode changes every week or using a consumer product because the company-sanctioned solution involves jumping through too many hoops.

The Snowden Effect is a game changer and a healthy one at that. From politics to digital services, it has raised questions about data control and transparency that businesses and individuals should have been asking for a long time. In turn, providers of these services must start meeting these demands, or they’ll go the way of microfilm and button cameras favored by spies from a more romantic era of espionage. 

Brad believes that a truly successful company begins with its employees and the culture they build together as a team. It's a philosophy he has cultivated throughout his career, from management stints at SBC Communications and @Home Network to his time as CEO of Dialpad ...

Comments
Stevemartin,
User Rank: Apprentice
5/22/2014 | 1:59:34 AM
Snowden
Snowden always tried to use proxy servers and VPNs to hide identity, and then finally it happened, so not new.
Brad Garlinghouse,
User Rank: Apprentice
2/26/2014 | 2:32:12 PM
Re: Cloud to On-Premise
We've reached the point where "secure" and "user-friendly" can no longer be mutually exclusive concepts. People are so used to intuitive experiences, professional services that emphasize control have to fit this trend, otherwise users will drift back to less secure consumer products.
Brad Garlinghouse,
User Rank: Apprentice
2/26/2014 | 2:31:33 PM
Re: New Times Need New Rules
Facebook is a good example of a service learning that its users want more control over how their information is being used. It's not perfect yet, but it definitely feels like its privacy settings are less opaque than they used to be.
micjustin33,
User Rank: Apprentice
2/19/2014 | 9:46:32 AM
Re: New Times Need New Rules
After whistle-blowing NSA's notorious tracking program 'PRISM' since June last year, Snowden is reported to be hiding in a Russian lam. Snowden was very much found to be using online masks like proxy servers and VPNs to hide his true location and identity...
JohnHHurley,
User Rank: Apprentice
2/18/2014 | 9:28:46 PM
Re: Cloud to On-Premise
Marilyn,

That's a great question. Our on-premise solution was built on the same technology and uses the same web interface as our cloud-based offering. In addition, we packaged the desktop sync, Outlook plugin, FTP, and mobile access in to ensure the product is complete.

Because we started as a cloud service, our appliance has additional security features baked in, including multiple firewalls, monitoring, and encryption. Then by allowing the IT person to physically put the product behind their firewall, and integrate AD/LDAP, it gives them even greater control. Here are a few screenshots of the product: https://www.smartfile.com/business/
Marilyn Cohodas,
User Rank: Strategist
2/18/2014 | 4:27:40 PM
Re: Cloud to On-Premise
I'm glad to hear that at least two file-sharing executives are responding to customers' demands for greater control and transparency in the wake of the Snowden Effect. I'm curious about how user-friendly this "second wave" really is. And if it's too "friendly", how secure?
JohnHHurley,
User Rank: Apprentice
2/15/2014 | 7:50:22 PM
Cloud to On-Premise
Brad,

I am the CEO of a file sharing company that recently just released an on-premise product to combat this very issue. The market reception has been overwhelming and primarily in the EU. Their data security and privacy laws far exceed ours, and this "Snowden Effect" has pushed their data concerns to the forefront.

Businesses often talk about security threats as outside concerns, but as you pointed out the security concern needs to be directed at the people sitting behind the firewall. I recently wrote a blog about this very topic, entitled, "Does Edward Snowden Work for You". I only mention this because I think it supports your article by bringing internal security to the forefront. https://www.smartfile.com/blog/does-edward-snowden-work-for-your-company/ This IS and WILL have an everlasting effect, not just to national security, but to all businesses.
danielcawrey,
User Rank: Apprentice
2/14/2014 | 1:57:43 PM
Re: New Times Need New Rules
I think that it is just really important to give control over to the user. The Flipboard example is prescient. Instead of covertly using data to customize things, allow people to do it overtly.

Many of the biggest technology companies are catching on to this. Facebook, for example, has learned the hard way by constantly iterating, adding and removing features based on real-time feedback.
djameson910,
User Rank: Apprentice
2/14/2014 | 12:40:27 PM
New Times Need New Rules
I'm frustrated by the executive and judicial branches' assumption that once your information has left one's personal or corporate physical property, that the "right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures" ends.

The corporate attorneys and electronic freedom attorneys need to work with the federal judiciary to come up with language for online providers that allows citizens and corporations to have the same security in "their persons, houses, papers, and effects, against unreasonable searches and seizures" when the stuff is in the cloud as when it is on their physical property.

This is equally important for upholding the spirit of the US Constitution for the people as it is for keeping cloud services as a viable business model.

 