If you haven’t seen this fantastic video about online security and mind reading, it’s totally worth 2.5 minutes of your time. Brought to you by a Safe Internet Banking initiative out of Belgium, my ancestral homeland-home of waffles, lace doilies, and diamonds.
The bottom line of the video is that if you put your personal data in social networking and cloud-based services, it’s going to be visible…and not just to marketers. This is why every machine in my house is protected (yes, by Trend Micro Titanium; I do work there…and it’s got the best detection rate). I don’t let people (even relatives) use my main PC, and for sensitive transactions, I use a virtual machine that never gets used for anything else.
It’s also kind of scary that most people don’t understand the extent of the data that is gathered without their permission whenever they use a mobile device. You can assume that most applications you use on your phone gather an enormous amount of information and put it into the cloud for marketers to use. For instance, Angry Birds, the top-selling paid mobile application that has been downloaded more than 1 billion times, was just outed by Jason Hong, an associate professor at the Human Computer Interaction Institute at Carnegie Mellon University.
The Angry Birds application collects personal information, at least your location, your sex, and the unique identification number of your smart phone. Sometimes, the information from your contact list or even pictures from your photo library may be included. It’s not clear whether this is a cloud security problem, a consumer privacy problem, or even a big data problem. What is clear is that this is a problem in multiple domains, one that ought to affect cloud adoption. However, history shows us that most consumers are willing to give up a lot of personal information for a very small amount of free software.
Enterprises on the other hand, not so much. Since it’s getting harder and harder to figure out where mobile devices end and where the cloud begins, companies can either have a cloud security strategy *and* a mobile device BYOD strategy, or they can let a de facto cloud strategy evolve based on smart phone privacy practices.
History tells us that won’t end well.