This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Securing Our Communications: More Innovation, Please!
2020 will be a new year in more ways than one. Last month, I wrote about how suddenly profits are more important (again) than growth. That may seem silly to some of you. However, for the past decade, cloud providers have largely been focused on growth.
Clouds are expensive to build, and since providers only realize revenue per user per month, there wasn’t an expectation for providers to make a quick profit. Basically, the playbook that Amazon and Salesforce followed said to reinvest every dollar into the offering and marketing in order to build a defensive moat.
That worked until it didn’t. We accept things, sometimes things we know to be broken, until we don’t. Just as we know businesses need to be profitable, we also know they need to be secure. For years, we have all been looking the other way when it comes to security and privacy.
Looking the other way has become painful. 2019 provided a constant reminder that security and privacy can’t be assumed. The frequency and magnitude of data breaches became numbing. Here are just a few examples:
- A year ago, we found out that a glitch in Apple’s Facetime app could enable secret surveillance by allowing an attacker’s call and self-answer a call without user interaction.
- Major security flaws found in Marvell Avastar Chipset impacted a broad range of devices, including Samsung Chromebooks and Microsoft Surface devices.
- The Thrangrycat flaw allowed attackers to plant persistent backdoors on most Cisco equipment.
- Google had to replace faulty Titan security keys sold in the U.S. due to a Bluetooth issue subsequently also addressed by Microsoft.
- Nation-state hackers breached 10 telecom providers with a "de facto shadow IT department."
- AT&T employees took bribes to plant malware on the company's network, according to the U.S. Department of Justice.
- The president now regularly conducts phone calls using unsecured devices, according to a new report from The Washington Post.
Security has always been important, but the risk has increased. First, there’s more data. After years of digital transformation initiatives, almost everything we do at work involves and generates data. The rise of the cloud has made it harder to contain data from both storage and API perspectives. Something as simple as a doctor’s visit used to result with some notes stored in a locked file cabinet. Today, that information gets logged in software, uploaded, and disseminated in ways that can be hard to contain.
Enterprise communications is right in the thick of it. Workflows routinely involve email, messaging, calendaring, and meetings — all of which are likely digital. Corporate collaboration software likely knows who you interact with, what’s on your calendar, where you are, what you are working on, and all kinds of other non-public details. Encryption is rare, most calls, email, Fax, and SMS communications aren’t encrypted.
Encryption is most common with internal communications such as messaging/chat apps and some conferencing solutions. But encryption alone isn’t sufficient. With Cambridge Analytica, the issue was access to encrypted data, and the same issues are relevant for enterprises. If the provider has access, that means data privacy is susceptible to its management practices as well as risks such as admin curiosity, bribery, mistakes, and hackers. Providers often retain access for enhanced services such as search and analytics.
The situation is creating a dilemma: We value intelligent and contextual services, but trust in the security and privacy of our providers is declining. Do you know if your provider uses subcontractors? Consider that a Facebook contractor was recently charged with taking payments to circumvent Facebook’s policies. Would your provider notify you if it was ordered to turn over your data? Consider Evernote complying with a court order to turn over user data. Warrants and subpoenas can include a gag order that prevents a provider from notifying its customers.
It’s clear that security plans are getting promoted from the bottom left drawer. Customers are demanding more information and more control over the security and privacy of their data. Enterprise communications are right in the thick of it. That’s why the theme for this year’s Innovation Showcase at Enterprise Connect 2020 is security. There is no cap or restriction on company size.
There’s been tremendous innovation in security technologies and practices such as biometrics, AI, zero trust, and blockchain. We are seeking solutions that specifically improve the security of enterprise communications, which can include voice, video, messaging, contact centers, email, wireless, and/or other forms of communications and collaboration. It can apply to real-time interactions as well as content sharing, operations and management, payment processing, customer information management, mobility, and authentication to name a few. The vendors need to be new to Enterprise Connect, but the solutions can apply to established ecosystems.
With regards to security, 2019 was a terrible year. For 2020 to be better, we need new ideas that find their way to enterprise IT buyers.
Dave Michels is a Contributing Editor and Analyst at TalkingPointz.