I watch in horror as I look at what people post in open forums on Facebook, and I just want to ask them, "Do you really understand that what you just said will exist on the web forever?"
At the other end of the spectrum, my financial advisor was just required to install a new "secure email" system to ensure that no one (including me) can read anything she sends. After spending 10 extra minutes trying to decrypt, decode and download every email, I am pulling my hair out with the inefficiency. Thanks to secure EMAIL - I now think the post office can make a comeback.
So why is it that, after all these great years of "good enough" email, we are now relegated to a choice of systems that virtually guarantee what you say will become public record, with the alternative being new "secure" systems that are so cumbersome and time consuming that I need to FEDEX important stuff? It's not right!
Technology has been a great boon for the world economy, but I feel like the inability to provide "transparent security" risks wiping away much of those gains. The risk I see is that, every time we make it harder to do something to accommodate a security need, I believe we actually increase the risk that individuals will bypass the security to regain the efficiency. At some point security additions could potentially increase security risks.
A great example here has been passwords. We all now have so many passwords that folks are forced to either write everything down, or use one password for everything. While companies create rules to have exotic and ever-changing passwords, do they also supply the users with password management software so they don't just write everything down on a scrap of paper?
On the eve of the RSA conference I thought it would be great to present this challenge. We clearly need reasonable security and privacy but we also want to use our iPads for business without having to lose all of the productivity gains. When I get a bank statement, I want it to come up on the screen, not be a link to the bank's home page where I get to spend 10 minutes logging in and navigating to the right spot. When I buy gas at the same station every week, I don't want to spend extra time typing in my zip code.
The true revolution in security, to me, comes when users can have it with little if any visible impact to the ways we would like to work. I would encourage everyone building or evaluating security capabilities to really make user ease-of-use a top priority. The best security is security that users really adopt.