

Security Expert: Trusting Service Providers With Security Is Dangerous

By Kevin McLaughlin
February 26, 2013    8:37 PM ET


In the days of feudalism, serfs and minor lords pledged allegiance to the king and received protection in return. As long as the king held up his end of the bargain, the system worked. If he didn't, the system would crumble, as it eventually did in Europe around the 15th century.

Bruce Schneier, CTO of BT Managed Security Solutions, sees the feudalism dynamic happening today on the Web, where users of social networking and other online services must blindly trust that the companies providing those services are paying enough attention to security. And given the power these firms wield, that is by no means a safe assumption.

Service providers are getting better at collecting users' data, a trend that could pose problems for serfs down the road, Schneier said in a Tuesday afternoon talk at the RSA Conference 2013 in San Francisco.


"Remember when Microsoft was the big company we were all worried about? Now it's Google, Amazon and Facebook," Schneier said. "Already, Google knows more about my interests than my wife does. ... We as users have to trust these vendors."

In the traditional security model, the onus was on users to choose the right products for their needs, such as antivirus and firewall, and to configure them on their networks. Now that traditional model is breaking, according to Schneier.

He chalks this up to the rise of devices such as the iPad and iPhone, over which Apple exerts complete control; and cloud services, which vendors maintain completely on their own, affording zero visibility to the end user.

"You can't control security on Gmail or Facebook," Schneier told RSA attendees. "You get what they provide. With this model, someone else is taking care of it. When we trust Facebook security, we do it blindly."

Governments and corporations hold the lion's share of power at the moment, and they're increasingly using the Internet to further strengthen their position. Under the banner of combating digital piracy, media companies are using the government to enforce their business models with proposed legislation like the Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA), said Schneier.

"Right now the powerful are winning these debates, whether it's law enforcement or a large corporation," Schneier said.
