By Sramana Mitra and guest author Siddharth Garg
Sramana Mitra: I think in general, the security holes around the world are much larger right now because, for one reason, there is a lot more distributed, federated technology being used, and as a result there are a lot more holes. And you just gave us the use case of Dropbox, which should be encrypted but is not, and most of our laptops are not encrypted!
Chris Burchett: Right, exactly. And if you think about how many times have you used an external hard drive or a thumb drive, right? That device might have 2GB or more storage on it. And of course, all of these things become places where data threats leads to. We like to say that the natural state of data is being encrypted, and that should be the way it is. If that was truly the state of things, a lot of these devices and services would be much safer, right?
SM: But that is a long way up, it is a long way. I just don’t see it happening any time soon. You know [there are about] 5 billion devices connected to the Internet, right?
SM: Of those 5 billion, how many computers and how many people are connected to the Internet? How many mobile devices are we talking about, you know, billions of nodes?
CB: Well, you are, but notice that the cloud may make that actually easier. There are ways that the cloud may make security actually better, because if you build the right architecture in the cloud and over time, with high bandwidth connections more or less ubiquitous, then if you do a good job of protecting the data, encrypting it in the cloud over time, you have the ability to see data migrate there to be stored permanently. This is not probably a bad thing at all, as long as it is protected in a way that you could control it and manage it for yourself.
SM: That would have to be driven by some sort of compliance regulations, such that all cloud providers have to provide encrypted data services.
CB: Yes, it could be driven by them or just …
SM: If you have to force every person who is using Dropbox to encrypt his or her service, then that has to be driven by Dropbox, not by consumers. Consumers won’t even know. Think about it. The average consumer doesn’t know how to encrypt.
CB: That is right. But if you look at the antivirus case and the patch management case, these things start to get built into services that are offered as a general-purpose offering. And I think over time, you will see that sort of thing happen.
SM: So, you are saying that all our laptops come with antivirus programs built in.
CB: And firewalls and …
SM: You are going to have encryption built into the laptops.
CB: Yes, and into cloud services, too.
SM: That is fair enough.
CB: We are still early in this, and the cloud has evolved very rapidly over the past few years.
SM: Yes, it has. Let’s switch our discussion. This entire series is part of our One Million by One Million initiative, the goal of which is to help a million entrepreneurs reach a million dollars in annual revenue and beyond. The reason we are publishing the series and talking to all these CIOs is to have meaningful, substantive discussions about open opportunities, entrepreneurial opportunities, in the cloud. That being said, based on where you sit and what you see around you, would you talk to me about what you see as open problems that an entrepreneur could go after?
CB: Oh, wow. Well, there are several that companies are going after, in fact. From a security perspective, the entire identity space is one. How do I prove who I am? Digital identities is a relatively fragmented space and one for which a general solution has not yet emerged. There are lots of reasons for that. But the broader problem of how I prove to the website that I am who I say I am is an interesting one. [I’m thinking of] all the ways that I can do that and not be attacked by phishing attacks so that it is not possible for somebody to impersonate a website and trick me into authenticating with them and then stealing my password, for example.