Participating in modern society seems almost like a leap of faith in today’s hyperconnected world, as almost everything we do collects our personal data from the moment we wake up until the moment we fall asleep. By simply living like we always have, we implicitly acknowledge that the organizations collecting, analyzing and selling our data are in fact trustworthy and interested, or even capable of, protecting our most personal details and privacy.
About the author
Alex Willis, BlackBerry Vice President of Global Sales Engineering.
But with each new technology and privacy controversy that arises, it‘s apparent that most of us have not actually made any such acknowledgement. Instead, we simply choose to ignore these data collection machines, maintaining a type of blissful ignorance, assuming their data and information isn’t valuable or surrendering to the fact that there is little we can do about it regardless. Recently, a Bloomberg reporter detailed the extraordinary lengths he went to in efforts to completely hide from Silicon Valley before ultimately giving up within the same month because it proved too challenging and inconvenient.
However, just because complete data control is an almost unattainable goal does not mean consumers aren’t waking up to the “data tax” they’ve been unwittingly paying. In the last few weeks, headlines highlighting the misuse of personal data to train high-tech tools have proliferated, as the media spotlight shifts toward privacy violations and brings public attention with it.
Of course, recent revelations are surely but a drop in the bucket when it comes to the invasion of our personal privacy, and there’s no evidence any major organizations have acted inappropriately based on information gleaned from consumers. But coming on the heels of the viral and controversial FaceApp challenge, it seems to signify a growing awareness among consumers that privacy matters and that our personal data is often not quite as secure as we may think. In fact, it was a wake-up call to how consumers are voluntarily surrendering data to companies around the world and bringing to light questions around whether this data is in fact secure.
Naturally, privacy and security concerns are unique within themselves, and organizations will use different tactics to address each. For example, continuous authentication is a useful internet security measure for ensuring a user’s data cannot be accessed by stolen credentials alone. This makes it an extremely effective first line of defense but not the sole line of defense.
Trust and belief
What is becoming more and more clear, however, is that consumers are beginning to take note of the true value of their data and how readily they’re choosing to share it. This is either a golden opportunity for organizations or the catalyst to their eventual downfall.
That idea starts with the seemingly counterintuitive notion that zero trust is necessary for any trust to exist at all. That sounds confusing but it stems from the simple idea that trust must be at the heart of any and every interaction and transaction between organizations and the public. Credible trust depends on security, privacy and control. That means the public believes the organization is securing their data, using it only as needed and willingly allowing the consumer to decide where that data ultimately goes and how it’s used, especially when it comes to cloud storage.
To secure that public belief, companies must adopt a zero trust model based on the cybersecurity tenant of continuous identity authentication, because once your identity is compromised, everything is compromised. And as we learn time and again, every company collects part of our identity, be it our physical photo, voice or even our DNA, making every company a potential threat to both our personal and professional lives. So, it’s best to play it safe rather than end up sorry in the long-run.
In practice, continuous identity authentication lives up to the concept of zero trust. Even after verifying your identity at login (regardless of whether that’s two-factor identification or not), it doesn’t trust you are who you say you are. Instead, it verifies multiple authentication features on a constant basis. This includes passwords and other traditional security details but also situational factors like location, time, user behavior and more.
Although that may seem complicated, a number of easy-to-deploy products exist that enable continuous identity authentication. Machine learning tools, for example, can integrate context into access requests by building a profile of normal user behavior and acting appropriately when behavioral anomalies arise. That means even if a cybercriminal did obtain corporate login details and personal photos through executing a malware or phishing attack against an unrelated third-party app, the machine learning-based tool would still flag the request location as suspicious and conduct follow-up as needed.
In today’s hyperconnected world, it’s naïve to think the collection of personal data will cease or that malicious actors will simply disappear. And as consumers place more emphasis on privacy and security, how organizations collect and protect personal data will play a critical role in determining which companies rise and which fall with their reputation in tatters and their name destroyed. Users will soon demand additional protections as cybercriminals advance their tactics, so it’s crucial to ensure your platform supports zero trust with true AI/ML driven real-time evaluation and adaptive policy control.
In other words, the time is now to manufacture security and control into every product, solution and service from its very inception. That is the only way to proactively address the growing consumer concerns around data privacy.
- Protect your privacy online with the best VPN.