comment by veen

    This isn't a problem for the USER to solve. My problem is with the BUSINESS.

I did understand that you were talking about businesses, but I don't think that's a useful or necessary distinction. Businesses and users are both facing the same security problems. Businesses try to protect their proprietary data, their passwords, their sensitive information, but so are you and I. There's B2B services, and there's B2C services, and security revolves around the same question for both: can I offload some difficult aspect of my work without jeopardizing that work?

My disagreement was mostly with your suggestion that businesses should tell services to GTFO and develop those services in-house instead. I don't think that's a reasonable thing to ask of businesses: the ocean of sensitive data has become so incredibly wide (from passwords and PDFs to credit card info and blockchain keys) and deep (big data). It's not the 1920s anymore, which is why SaaS is such a vital part of modern business and why it is incredibly inefficient to have every company and user reinvent the wheel.

Just to give an example, my last gig and my current internship both run everything on Citrix thin clients. Is that safe enough? Maybe not.... Should hundreds if not thousands of companies develop their own OS-integrated remote client solutions just so they have their data back in control? I don't think so.

SaaS is pretty much unavoidable these days even though its incentives are misaligned. My solution, for both users and businesses, is to be way more strict about security in what kind of services they demand. To vote with their wallet and pick the more expensive, more secure option over the bargain hacked together startup solution. I think that's a much more attainable goal for security problems, even though it will never be a perfect option.
goobster  ·  2375 days ago

    "My solution, for both users and businesses, is to be way more strict about security in what kind of services they demand. To vote with their wallet and pick the more expensive, more secure option over the bargain hacked together startup solution. I think that's a much more attainable goal for security problems, even though it will never be a perfect option."

I hear ya, but this requires defensive security, which has been proven to be ineffective for centuries now.

I was hoping to open the conversation to radical new ways of thinking about data and security.

The only reason why CCs and personal data are under constant attack by hackers is because they are broadly valuable.

A "simple" solution to that problem is to go back to having a Macy's card, and a Shell card, and an Amazon card - essentially a card-per-business - because then hacking your personal and CC data has no value to the hacker. They get ONE person's info, which can be used for ONE store, and is, in fact, already in use, so any attempt to use that data to establish a NEW account would immediately be flagged. "That user already exists in the system."

I dunno.

It's just a different way to think about security. Remove the choke-points that hackers love to target, and suddenly hackers won't be cracking your system, because there is no big financial gain to be had.

It was just a thought experiment...
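The card-per-business idea above, modelled as an added example (not code from either commenter): a hypothetical issuer derives each card token as an HMAC over the (customer, merchant) pair, keeps a separate book per merchant, and runs a constructed breach scenario where the attacker gets everything Macy's held on one customer. The issuer key, merchant names and customer id are all assumptions for the demo.

```python
import hmac
import hashlib
from dataclasses import dataclass, field

# Hypothetical issuer secret for this demo (in production it would sit in an HSM).
ISSUER_KEY = b"demo-issuer-key-not-for-real-use"

DUPLICATE_MSG = "That user already exists in the system."


def derive_token(customer_id: str, merchant_id: str) -> str:
    """Derive a card token bound to exactly one (customer, merchant) pair.

    HMAC over both identities: the token reveals nothing reusable at another
    merchant, and re-deriving it for the same pair yields the same value, which
    is what lets the issuer spot a second enrollment attempt.
    """
    msg = customer_id.encode() + b"\x00" + merchant_id.encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()[:16]


@dataclass
class Issuer:
    # merchant_id -> {token -> customer_id}; one book per merchant, never shared.
    books: dict = field(default_factory=dict)

    def enroll(self, customer_id: str, merchant_id: str):
        """Issue a merchant-scoped card; refuse if that pair is already enrolled."""
        token = derive_token(customer_id, merchant_id)
        book = self.books.setdefault(merchant_id, {})
        if token in book:
            return None, DUPLICATE_MSG
        book[token] = customer_id
        return token, "ok"

    def authorize(self, token: str, merchant_id: str) -> bool:
        """A token only authorizes at the merchant whose book contains it."""
        return token in self.books.get(merchant_id, {})

    def revoke(self, token: str, merchant_id: str) -> None:
        """Drop one merchant-scoped token; no other merchant's book is affected."""
        self.books.get(merchant_id, {}).pop(token, None)


def breach_scenario() -> dict:
    """Constructed scenario: Macy's customer database leaks, attacker tries to use it."""
    issuer = Issuer()
    macys_token, _ = issuer.enroll("alice", "macys")
    shell_token, _ = issuer.enroll("alice", "shell")

    # Attacker holds everything Macy's had on Alice: her id and her Macy's token.
    stolen = {"customer_id": "alice", "token": macys_token}

    result = {
        # 1. The stolen token is not a general card number; Shell rejects it.
        "cross_merchant_use": issuer.authorize(stolen["token"], "shell"),
        # 2. Opening a "new" Macy's account with the stolen identity is flagged.
        "re_enroll": issuer.enroll(stolen["customer_id"], "macys")[1],
        # 3. Alice's other cards are untouched by the breach.
        "shell_card_still_works": issuer.authorize(shell_token, "shell"),
        # 4. The stolen token does still work at Macy's itself until revoked...
        "replay_at_breached_merchant": issuer.authorize(stolen["token"], "macys"),
    }
    issuer.revoke(macys_token, "macys")
    # 5. ...which is the one action the breached merchant has to take.
    result["after_revoke"] = issuer.authorize(macys_token, "macys")
    return result


if __name__ == "__main__":
    for key, value in breach_scenario().items():
        print(f"{key}: {value}")
```

The scenario makes the blast radius visible: the leaked token fails at every other merchant and re-enrollment at the same merchant trips the duplicate check, but it still authorizes at the breached merchant until that merchant revokes it, so the scheme shrinks what a breach is worth rather than making the breached store's own book worthless.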