In the last few months, news surrounding credit card data thefts, lack of email security, and the U.S. Government's "Stringrays" that can capture information from cell phones have captured the attention of the nation. These are scary signs relating to the lack of security on the information flying through the air that we all think is there, but isn't.
The trends of technology reveal that the security vulnerabilities we have will get even worse. The market pushes for more complex interconnectivity into our start-ups, apps and products almost guaranteeing more leaks, either by cyber hackers or government intelligence collectors will continue.Interconnectivity is only part of the problem with security. Our love of the "cloud" adds to the amount of information traveling the web, which multiplies the opportunities for hackers as well as the government to undermine protections. Some ask if the very concept of the cloud is increasing the problem rather than the solution to our security issues.
In an article published by TechCrunch.com, it states that an early 1990's laptop is more immune to hacking than a 2014 iPhone or Android. That means security is moving in the wrong direction.
If it was just technology trends that were putting our security at risk, we might have a fighting chance. But, as always, people are part of the problem too. Few seem to put security anywhere near the top of the priority list. Many still fight the security issue because they like the openness and transparency of the Internet.
Between technology and people, a pretty bleak picture is being painted of security on the web. It is a bit unfair to be too critical; security is tough to do right, even by experts.
When it comes to flaws and data leaks, the advantage is always in favor of the bad guys - they only have to find one vulnerability, while engineers for the product have to protect the entire codebase. Security has to be seen as an important part of coding for the web, just as high of a priority as reliability and speed.
How do we go about fixing the security issue? One answer may be to have companies put in place the culture and also incentives to encourage engineers to do their diligence on their own code and the work of others. The Internet needs to default to encrypted protocols like HTTPS.
This may mean fundamentally changing the way that data centers are structured. The article concludes that security is hard, and our programming libraries and protocols have not matured to guarantee the security we expect of them.
As James Carville said, "It's the security, stupid. Let's get this one right."