Article 6G67T A Bold New Plan for Preserving Online Privacy and Security

A Bold New Plan for Preserving Online Privacy and Security

by
janrinok
from SoylentNews on (#6G67T)

AnonTechie writes:

[Source]: IEEE Spectrum

Whether we like it or not, we all use the cloud to communicate and to store and process our data. We use dozens of cloud services, sometimes indirectly and unwittingly. We do so because the cloud brings real benefits to individuals and organizations alike. We can access our data across multiple devices, communicate with anyone from anywhere, and command a remote data center's worth of power from a handheld device.

But using the cloud means our security and privacy now depend on cloud providers. Remember: The cloud is just another way of saying "someone else's computer." Cloud providers are single points of failure and prime targets for hackers to scoop up everything from proprietary corporate communications to our personal photo albums and financial documents.

[...] It's not just attackers we have to worry about. Some companies use their access-benefiting from weak laws, complex software, and lax oversight-to mine and sell our data.

Our message is simple: It is possible to get the best of both worlds. We can and should get the benefits of the cloud while taking security back into our own hands. Here we outline a strategy for doing that.

In the last few years, a slew of ideas old and new have converged to reveal a path out of this morass, but they haven't been widely recognized, combined, or used. These ideas, which we'll refer to in the aggregate as "decoupling," allow us to rethink both security and privacy.

Here's the gist. The less someone knows, the less they can put you and your data at risk. In security this is called Least Privilege. The decoupling principle applies that idea to cloud services by making sure systems know as little as possible while doing their jobs. It states that we gain security and privacy by separating private data that today is unnecessarily concentrated.

[...] The needed protocols and infrastructure exist, and there are services that can do all of this already, without sacrificing the performance, quality, and usability of conventional cloud services.

But we cannot just rely on industry to take care of this. Self-regulation is a time-honored stall tactic: A piecemeal or superficial tech-only approach would likely undermine the will of the public and regulators to take action. We need a belt-and-suspenders strategy, with government policy that mandates decoupling-based best practices, a tech sector that implements this architecture, and public awareness of both the need for and the benefits of this better way forward.

Do you think this strategy will work ?

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments