05 Jan 2016

The Ultimate Security Dilemma


In a society that embraces online shopping, GPS location tracking, mobile texting and email anytime and anywhere, it is no wonder that technology’s promise of convenience continues to overrule many people’s instincts to protect and secure their private information.

The preference for convenience over security is present even at the highest levels of the US Government. Given the news earlier this year about former Secretary of State Clinton succumbing to the temptation of using unsecure personal email for official state business, it is not surprising that many lawyers and their clients often click the “send” button with sensitive business, litigation strategy, finance and tax information attached, hoping or assuming that the emails reach their destination fast enough to avoid being intercepted.

Well, the email is transmitted fast, but never fast enough to prevent “un-friendlies” from siphoning its message contents from the electronic trail it leaves behind.

The constant challenge for IT professionals and security experts is to balance security and usability. If the most secure system is too complicated or cumbersome to use, people will circumvent it – as Secretary Clinton did. Once the official or corporate system is circumvented, security devolves from professional (IT executive) to amateur (end user).

Secretary Clinton’s use of a personal email system purportedly set up in her house by a colleague is a perfect, high-profile example of this – but certainly not an isolated example. It has now been reported that Defense Secretary Ashton Carter used his personal email account to conduct official government business early in his tenure at the Pentagon, using personal email installed on his iPhone, rather than a secure professional account.

“With all the public attention surrounding the improper use of personal email by other Administration officials, it is hard to believe that Secretary Carter would exercise the same error in judgment,” remarked Sen. John McCain (R-Ariz.), Chairman of the Senate Armed Services Committee.

IT professionals often underestimate just how simple the user experience must be for widespread adoption. When the recipient says to the sender, “just send the darned thing,” because they get frustrated with the more secure process, the sender often just sends it, concerned that they are annoying the recipient with some policy or “process” IT has put in place.

If it is not simple to use, people will circumvent the process; and they do – even those who know they shouldn’t, like the former US Secretaries of State and Defense, and likely lawyers and their clients.

In next week’s technology e-brief, we will highlight and compare several different types of email encryption services and their ease-of-use.

RPost’s RMail service provides email encryption that is radically simple for both senders and recipients. The encrypted message contents are delivered directly to the recipient’s inbox, and there is no need for the recipient to open a third-party webpage, create an account, or retrieve the files from another location.