This is the last of the four-part "Tech Security Intelligence" series. This series explores the evolution of technology security and how it impacts the workplace. "Tech Security Intelligence" is brought to you by CDW.As we all buy smartphones and use the cloud, we are doing something that's never been done before: trusting a few big IT companies with our lives.? That's not necessarily in our best interest, but we have no choice.
So says world-famous security expert Bruce Schneier.
Schneier's latest book, "Liars and Outliers," looks at the psychology needed to keep humans safe.
Business Insider talked with Schneier and heard his thoughts. He told us:
- Smartphones change everything.? A few big companies, like Apple and Google, have gained an alarming amount of control because they own the the device and store the data. "I call it 'feudal security,' where you pledge your allegiance to a company and in return they keep you safe."
- One step forward, two steps back.? Despite all the advances in computer security, we are less safe than we were 10 years ago.
- Social media may be a scapegoat. Yes, there have been some highly visible episodes of Facebook and Twitter hacking, but there's no clear evidence that they make us less safe or inherently threaten our privacy. "In a lot of ways this is a new social experiment," he says.
Despite all of that, Schneier is not in mortal fear for our digital lives. The higher risk of getting hacked is just a natural consequence of all the cool new tech we now have.
"I don't think it's depressing," he says.?"It's just reality. Complexity gives us great things."
Still, people need to understand that choosing a smartphone isn't just about choosing a device. It's about putting a whole lot of trust into the vendor that owns the operating system. And that trust has not yet really been deserved.
Here is a lightly edited transcript of the conversation.
Business Insider: Are people at more risk from computer crime today than, say, a decade ago?
Bruce Schneier: Sure. That's obvious. There are more people using computers.
BI: But a decade ago, we were running Windows XP and there have been a whole lot of security developments since then. Have none of these worked?
BS: It doesn't matter if they've worked. Things are getting more secure faster. So yes. The new version of Windows is better than XP. It's more secure. On the other hand, there are 10 times more people out there with computers and they are doing more online. So even though security is improving, things are getting worse faster, so we're losing ground even as we improve.
BI: Does social media trick us into a false sense of security, into sharing things that could be dangerous to us when exposed to a wider circle?
BS: For some people, yes. But if you look at what people are sharing on Facebook it's often not intimate things. In a lot of ways this is a new social experiment. We kind of don't know the answers. The risks are greater,? fundamentally because of the complexity of systems. Gasoline doesn't flow unless it comes across the ocean and is put in a bunch of trucks and taken to gas stations and gets pumped out. If anything of those things break, the system breaks down. When you had horses, things were more simple. The inherent complexity in the system makes things less secure.
And in comparing things now to 10 years ago, things have gotten more complex.
BI: That's depressing. Is there something optimistic about the future to counter that thought?
BS: I don't think its depressing. It's just reality. Complexity gives us great things.
BI: What security problems are you working on now?
BS: What I'm thinking about now is the cloud. The cloud has great benefits and some new risks. And I'm thinking about iPhones and iPads because they are a very different risk.
BI: What's different with security of smartphones compared to PCs?
BS: The endpoints are changing and where you store your data is changing. The endpoints are now these consumer devices where we have much less control, and the data is no longer in your computer, it's in the cloud somewhere.
With the iPhone, you have no control over security. Apple has control. These devices are extremely portable and powerful and the security model is very different. You can't install antivirus software on an iPhone. You are not allowed to. You have to trust Apple.
BI: So, you're saying instead of an IT professional controlling security, it's now in Apple's hands??
BS: An Apple or a Google. I call it "feudal security," where you pledge your allegiance to a company and in return they keep you safe.
Think about someone using an Android phone. She uses Gmail, she uses Google Docs, all this stuff is kept safe by Google. She doesn't know how, she can't affect it. She has to trust Google and in return, Google keeps her safe.
We know there are problems, like the big problem with Apple backup passwords a few months ago. Last week, there was a problem with Facebook exposing data. It doesn't mean they will always do a good job, but you have to trust them, because you have no choice.