Security and Privacy: A Conversation Starter

What differentiates security and privacy? What unites them? Are they mutually exclusive or highly compatible? Does your organization’s policy on privacy trump its security policy? Are there policies in place for one or the other or both? Have you revisited them lately? If not — as the saying goes — there is no time like the present.

A short while back, Google announced changes to its privacy policy. If you missed the announcement, you may have also missed the firestorm of outrage that followed. By acknowledging that it analyzes — and then uses — what’s of interest to those who use its services, Google was portrayed as smashing to bits the very foundation of privacy.

While Google is sometimes viewed through a lens of suspicion, the company deserves kudos for starting a conversation that’s long overdue for anyone concerned with the confluence of technology, privacy and security.

If you use Google’s services like Google Docs, Gmail or Google+, it’s obvious that the company knows a lot about you. And if you use Google as a search engine, the company knows what interests you. Earlier this year, Google combined more than 70 previously separate privacy policies for products and services into one comprehensive policy that clearly states that the company collects information from all its services “ … to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users.” Furthermore, according to the streamlined policy, Google “uses this information to offer you tailored content — like … more relevant search results and ads.”

In 2005, Google publicly stated that it was combining data submitted via user accounts with information from other Google services or third parties. The company was doing this to provide a better experience for users and to improve the quality of their services. After reading it, I do not believe that the company’s streamlined policy issued earlier this year represents an alarming change, or even a dramatic one.

What is dramatic, though, is how rapidly the face of the IT function has changed in a relatively short span of time. Thanks in large part to companies like Google, it’s increasingly common for organizations to outsource all or part of their IT infrastructure, often directly into the cloud, where information that was once locked into filing cabinets now sits on servers protected by passwords instead of keys. This rapid shift towards a new paradigm for managing data is an excellent starting point for a long overdue conversation about security and privacy.

It’s Time to Strategize

When you engage with a third party for data storage and management, you lose privacy. While you still have a substantial amount of control over how much privacy you lose, at least some of it is sacrificed.

So if you’re concerned about who has access to the information you’re responsible for, the Google uproar may serve as the conversation starter you need to encourage you to examine and perhaps adjust how your security policies work with (or against) corporate privacy.

If your organization is one of the many that take advantage of third-party service providers, it’s in your best interest to invest the time needed to articulate a strategy for privacy and security. This is important even if the data handled by a third party pertains strictly to your organization; if the data involved also includes customer information, the importance increases dramatically.

I recommend you begin the process of defining your organization’s security and privacy policies and strategies by asking three simple questions:

• Of the data being handled by a third party, how much of it belongs strictly to your organization?

• What level of access to your organization’s data does the third party have?

• What is the third party legally allowed to do with the data from your organization?

It’s important that those involved in privacy and security strategies acknowledge the complexity of their undertaking and then allocate resources accordingly. Your job is to forge forward into largely uncharted territory since we haven’t yet fully replaced physical barriers with digital ones in a way that’s comprehensive and consistent. Ushering security and privacy protocols into the same generation as the technology upon which you and your business rely is a paramount responsibility for IT professionals in the years ahead.
