Future Watch 1: Data Security.
Chartered Engineer, Enterprise Architect, and one-half of KnowNow, Chris Cooper talks to Gemma Christie and explains the data security issues that people and organisations still can’t seem to master, as well as next-horizon ideas that we’ll start seeing in the next two to ten years.
G: Hi Chris thanks for your time today. We’re going to start by discussing your article ‘5 rules of thumb and security of YOUR data’. Before we get started would you mind giving us a quick introduction to Know Now and your role there?
C: Yeah sure, KnowNow was set up by myself and David Patterson back in Nov 2013. We’re both ex IBM and we are both from the Smart City space. The reason we set up KnowNow is we felt that there is a market opportunity to help places, cities, districts and communities adopt technology in a safe and sustainable way. Our previous employer was focused on some other stuff and we felt they were missing out on that opportunity. We still have a great relationship with IBM and we’re an IBM business partner.
We’re an award-winning team. We won a big data award in 2015 for an idea on using open data to help emergency situations and we were cohort 1 finalists on the Cognicity challenge in Canary Wharf.
Find out more about the Cognicity challenge here: http://cognicity.london/cognicity-challenge
It’s been a fun 2 and a half years so far and I’m looking forward to more fun with Mr Patterson.
G: You have written about data security. Why is this an issue that is relevant to Know Now?
C: In a number of areas, I’m a chartered engineer and one of my responsibilities is to ensure that anything I create is safe and sustainable for the people using it. Your data is one of the things you create, promote and use. Therefore as part of my being chartered I have to make sure something is fit for purpose and the security of data is absolutely key.
To put it into context, where we are with the information technology world. It’s a very immature industry, it’s barely 50 years old and still finding its feet. It’s also led by humans who have this tendency to look at the short term rather than the medium and long term.
Things like security get in the way of your market development, they get in the way of your user experience and they get in the way of people wanting to use your product. Because security by its very nature slows things down. Also, if you have insecure things you open yourself and expose yourself to risk so it’s a fine balance.
Where we’re trying to position security at the moment is that it’s got to be fit for purpose for the thing it needs to do. And if that means your market won’t accept a slowing down user experience then maybe you need to question whether you need to bring this to market in the first place. So that’s kind of the premise. Think secure because it’s a good thing to do.
G: You mention that a lot of companies want to take a quicker route to market. Who do you think has to take more responsibility within organisations for ensuring data is more secure?
C: Everyone! It’s something that should be pervasive throughout an organisation. It’s not one person’s responsibility, it’s everyone’s responsibility. It’s even yours Gemma to be secure, as much as it’s mine to not break your security and to respect your security and to call you out if you’re not being secure. Because that could make me insecure if I started to share things with you.
One of the things that organisations have to have an awareness of is what’s going on out there. Where are my weak areas? It’s fine to have weak areas as these weak areas might drive some really good positive things. Weak areas can create strong areas but then you might start making strong areas weak and that might be against what your business is trying to do. That might mean you start looking at an individual that’s responsible for that area that you’ve just compromised and they’ll be asking for your job, your head.
A lack of talent…
G: Do you feel there’s a current lack of cybersecurity professionals in the market?
C: One of the ideas we need to get away from is this idea of I’m a silo and I do this. Yes, there is, to answer your question directly, yes there is a lack of cyber data security knowledge. But security isn’t all about cyber, security is all about the physical side as well. There’s a lack of awareness. It’s about the physical things, including your phone, and making sure it’s locked down with a passcode, and that it’s not your date of birth that someone could use, as I found out my mate’s the other day. It was great because I got into his phone.
G: Or your children’s date of birth.
C: He’s had that passcode for ten years. Change man, change.
G: Also, make sure all of your different passcodes and login details are actually different. Don’t have one password that you use for your site, including your banking, and your emails.
C: Yes. There are tools out there to make your life easier, such as password managers. It’s about just trying to build up people’s knowledge base so they act and behave in a secure fashion, and ask themselves the question, “Do I want this data to leak onto the internet? What would happen if someone hacked this thing that is making this thing do something interesting?”
An example of this is connecting your door to the internet. My argument is… Do you really want to do that? What benefit are you getting from connecting your door to the internet? Because quite frankly, you probably still have a relatively secure, I’m not saying it’s completely secure, way of accessing your front door. It’s called your key. If you take your key away and open it up to an app, there was an instance in California where a company has been very successful in putting internet-enabled door locks. In fact, it was so good, it was such a good service that when the server failed, it went into fail-safe mode and that meant that no one could access their house.
In some respects it was very secure, in other respects, it broke the usability because you now needed to get a locksmith to drill out the electronic locks and put in a lock with a key because the company had gone bust.
You think about the intended consequences of what you’re doing when you connect stuff up. We are living in a very young industry, it’s massively product-led, and that means that as it goes through to market, especially this internet-themed stuff, and smart cities, it will consolidate, and that means there will be company losses. Have some confidence in who you’re doing business with. Will they be around in a year’s time, two years’ time, ten years’ time and should you be connecting this thing that you’re now connecting up to what is, quite frankly, the Wild West?
Do you worry about data security? What are your concerns? Let us know in the comments below!
This article on data security is the first in a series of interviews called Future Watch written for KnowNow Information in May 2016.