Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

2/14/2014
10:36 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

The Snowden Effect: Who Controls My Data?

In today's post-NSA-spying world, the key to providing trustworthy digital services to customers is control coupled with transparency.

Last month, Reuters reported that US tech firms doing business in China, including Cisco and IBM, had experienced significant declines in sales. Several industry analysts suggested that the "Snowden Effect" -- the cascade of events and reports that followed Edward Snowden’s leaks of classified information about NSA surveillance programs -- was a major reason these firms were struggling to sell their services in the world’s second biggest economy.           

When I spoke about the potential impact of Snowden’s spying revelations at a recent panel discussion at Le Web, I was surprised to hear Amazon CTO Werner Vogels say that his company wasn’t expecting to see any consequences. Perhaps he believed that Amazon is simply too big to feel any downside, but I wonder if he’s changed his mind in light of that Reuters report.

A lot of people have been blinded to the true nature of the Snowden Effect by the political outrage surrounding the revelations, especially from world leaders whose own nations are not above a bit of espionage. But for businesses and individuals, mistrust is far more justified, and its target is not confined to government agencies. A broader, more long-term impact of the Snowden Effect is that it forces everyone to ask the question: Who is really in control of my information?

Where once files were on your hard drive or your company’s internal network, now it’s more beneficial to store your information online (in the "cloud," if you must). You can access your work across devices and use file sharing services to distribute material and work online with others from anywhere. But it can also mean you’re no longer in complete control of your information. The Snowden Effect is the catalyst for people to really think about whether the benefits of online storage outweigh the loss of control and to start looking for alternatives to the status quo.

Historically, technological development tends to follow this pattern, where an initial surge of enthusiasm for a new idea is followed by a second wave that gives deeper consideration to wider impacts. Social networks like Facebook and Twitter initially seemed to signal the end of privacy, but today even teenagers are more aware of the potential pitfalls of oversharing and turn to less permanent communication tools like SnapChat.

The second wave
For the online storage and sharing industry, where I am CEO at Hightail, this second wave has now arrived. To be a successful and trusted service, all providers need to offer all customers -- from big businesses to individual professionals -- two important things: control and transparency.

If your favorite news site suddenly shows you articles tailored to your interests, it can feel a little creepy. Aside from some abstract agreement to accept cookies or unreadable Terms and Conditions, you have not explicitly consented to this. Compare that experience with using Flipboard, the magazine app that you choose to connect to your social networks and favorite publications in order to receive personalized content. This isn’t creepy; it’s cool. Giving users control coupled with transparency is the key to providing a service they can trust.

In the file-sharing world, control means giving users options to ensure that shared files don’t find their way into the hands of unauthorized people. Transparency is about knowing what happened to shared files. For individuals it is about who has accessed a file and when. Businesses need to keep track of any company data that’s shared externally 

The Snowden leaks have made companies realize that they may have more to fear from authorized employees than anonymous hackers. To mitigate the risk of sensitive information leaks, the ability to know which files have been shared, monitor activity for suspicious behavior, or block a competitor’s domain, is crucial.

Another key element in providing greater control is ensuring that the process is extremely user friendly. I know a few security-obsessed people who are happy to use byzantine encryption software, but normal people don’t work like that. If a system or product is too complicated, users will find a workaround, whether that’s propping open a door because the six-digit keycode changes every week or using a consumer product because the company-sanctioned solution involves jumping through too many hoops.

The Snowden Effect is a game changer and a healthy one at that. From politics to digital services, it has raised questions about data control and transparency that businesses and individuals should have been asking for a long time. In turn, providers of these services must start meeting these demands, or they’ll go the way of microfilm and button cameras favored by spies from a more romantic era of espionage. 

Brad believes that a truly successful company begins with its employees and the culture they build together as a team. It's a philosophy he has cultivated throughout his career, from management stints at SBC Communications and @Home Network to his time as CEO of Dialpad ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Stevemartin
50%
50%
Stevemartin,
User Rank: Apprentice
5/22/2014 | 1:59:34 AM
Snowden
Snowden always tried to use proxy servers and VPNs to hide identity and then finally it happen so not new.
Brad Garlinghouse
50%
50%
Brad Garlinghouse,
User Rank: Apprentice
2/26/2014 | 2:32:12 PM
Re: Cloud to On-Premise
We've reached the point where "secure" and "user-friendly" can no longer be mutually exclusive concepts. People are so used to intuitive experiences, professional services that emphasize control have to fit this trend otherwise users will drift back to less secure consumer products.
Brad Garlinghouse
50%
50%
Brad Garlinghouse,
User Rank: Apprentice
2/26/2014 | 2:31:33 PM
Re: New Times Need New Rules
Facebook is a good example of a service learning that its users want more control over how their information is being used. It's not perfect yet, but it definitely feels like its privacy settings are less opaque than they used to be.
micjustin33
50%
50%
micjustin33,
User Rank: Apprentice
2/19/2014 | 9:46:32 AM
Re: New Times Need New Rules
After whistle-blowing NSA's notorious tracking program 'PRISM' since June last year, Snowden is reported to be hiding in a Russian lam. Snowden was very much found to be using online masks like proxy servers and VPNs to hide his true location and identity...
JohnHHurley
50%
50%
JohnHHurley,
User Rank: Apprentice
2/18/2014 | 9:28:46 PM
Re: Cloud to On-Premise
Marilyn,

That's a great question.  Our on-premise solution was built on the same technology and uses the same web interface as our cloud based offering.   In addition, we packaged the desktop sync, Outlook plugin, FTP, and mobile access in to insure the product is complete. 

Because we started as a cloud service, our appliance has additional security features baked in, including multiple firewalls, monitoring, and encryption.  Then by allowing the IT person to physically put the product behind their firewall, and integrate AD/LDAP it gives them even greater control.  Here is a few screenshots of the product:  https://www.smartfile.com/business/
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
2/18/2014 | 4:27:40 PM
Re: Cloud to On-Premise
I'm glad to hear that at least two fire-sharing executives are responding to customers demands for greater control and transparency in the wake of the Snowden Effect. I'm curious about how user-friendly this "second wave" really is. And if it's too "friendly", how secure? 
JohnHHurley
100%
0%
JohnHHurley,
User Rank: Apprentice
2/15/2014 | 7:50:22 PM
Cloud to On-Premise
Brad,

I am the CEO of a file sharing company that recently just released an on-premise product to combat this vary issue. The market reception has been overwhelming and primarily in the EU.  Their data security and privacy laws far exceed ours, and this "Snowden Effect" has pushed their data concerns to the forefront.  

Businesses often talk about security threats as outside concerns, but as you pointed out the security concern needs to be directed at the people sitting behind the firewall.  I recently wrote a blog about this very topic, entitled, "Does Edward Snowden Work for You".  I only mention this because I think it supports your article by bringing internal security to the forefront.  https://www.smartfile.com/blog/does-edward-snowden-work-for-your-company/ This IS and WILL have an ever lasting effect, not just to national security, but to all businesses. 
danielcawrey
50%
50%
danielcawrey,
User Rank: Apprentice
2/14/2014 | 1:57:43 PM
Re: New Times Need New Rules
I think that it is just really important to give control over to the user. The Flipboard example is prescient. Instead of covertly using data to customize things, allow people to do it overtly.

Many of the biggest technology companies are catching on to this. Facebook, for example, has learned the hard way by contstantly iterating, adding and removing features based on real-time feedback.
djameson910
50%
50%
djameson910,
User Rank: Apprentice
2/14/2014 | 12:40:27 PM
New Times Need New Rules
I'm frustrated by the executive and judicial branches assumption that once your information has left one's personal or corporate physical property, that the "right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures" ends.

The corporate attorneys and electronic freedom attorneys need to work with the federal juciciary to come up with language for online providers that allows citizens and corporations to have the same security in "their persons, houses, papers, and effects, against unreasonable searches and seizures" when the stuff is in the cloud as when it is on their physical property.

This is equally important for upholding the spirit of the US Constitution for the people as it is for keepling cloud services as a viable business model.

 
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.