Privacy and Identity Meeting at Sony
Author: Liz Kerton, Industry Analyst at Kerton Group
These are high times for the topics of Privacy, Identity, and Security. Recent press has brought out the Snowden revelations, the Verizon persistent cookie scandal, the black hat Sony Pictures hack, the Uber passenger tracking scandal, and so much more. The awareness of the issue is trickling down from the Technorati to the general public. Our meeting didn’t solve all the challenges inherent in the topic, but we made progress.
The Telecom Council held its annual meeting about Privacy and Identity this Thursday, at Sony’s facility in San Mateo. We tend to cover this topic every year because it is so critically important to everything our members are doing. In fact, by importance and weight, it could easily figure for half of the agenda for each and every other meeting we do through the year. But we consolidate, and try to summarize it in these dedicated meetings.
At the core, there is a conflict between the desire to offer better, more targeted, and more personalized services versus individuals retaining control or confidentiality around personally identifiable information. And the equilibrium point remains unknown. Our panel also pointed out that the correct balance will be different in different regions, cultures, and legal frameworks. As an unpanel, the discussion went quickly all over the map, but here are some key takeaways:
Roger Casals of Symantec said that IoT should not stand for Internet of Things, but rather Identity of Things, because that is the aspect that is more important. What are these things, what are the policies around the information and data they provide, who can authenticate and access them.
- Marc Cane from ARM explained how a security solutions needs to start down low, at the silicon, with Secure Elements on the chip that fire up before even the OS. This is where we can keep the keys to our kingdoms.
- Michelle Finneran Dennedy of Intel Security likened modern personal data to Intellectual Property, in that there should be an owner, and that owner has certain property rights to that data. But Michelle pointed out that IP is mature around the issues of motion pictures, etc, but not so mature around data provided by smartphones or IoT.
- Ray Potter of Safelogic explained how the era of mobility caught security and IT people off-guard. So they had to react instead of get ahead of the new challenges. Ray illustrated a three-wave tsunami. First, the reacted to the thread of the new devices and the hardware functionality (BT connections, memory, camera). Then they reacted to the apps on the device an creating policy controls to limit or sandbox non corporate IT apps. Then they reacted to the tremendous reams of data that these devices can create, and locking down or capturing that data somehow.
- Casey Oppenheim of Disconnect told us how consumers have come a long, long way in the past two years, and are now demanding some solutions to their fears and confusion around their own privacy.
As a group, we agreed on the inevitability that everyone will be hacked. But that is no excuse to sit back and wait. Preventative measures, risk mitigation, following best practices will all help each individual. Corporations can get ahead by limiting the amount of personal data they hold to only what they truly need. Respect the laws and the consumer, or it can come back and bite you. Hard.
On the upside, the panel agreed that there are numerous opportunities for businesses to provide Privacy services. These could improve a user’s firewall, or simply help them manage the confusion and reach a balance of customized services, but control of their data. Carriers were noted as a very powerful channel for many of these solutions, since they have a position of trust, an existing commercial relationship, network control, and device distribution.
In this photo, panelists gather around the whiteboard of topics from the audience for the panel to address. Checkmarks indicate a covered topic.
Thanks to Sony for hosting!