Paranoia Rules - who can you trust with your data?


A comment on an item about how people treat their valuable personal information, and their employer's...

Well, along the lines of that old joke about the best oral contraceptive being "no", paranoid IT security people "just say no" to anything and everything. I've had to deal with IT department heads who thought that was the safe answer to everything risky.

However, the world doesn't work like that any more, inside or outside the corporation. In contrast to twenty, or even ten, years ago, people are now used to better computing facilities at home than they have at work and they expect the same kinds of data freedoms, even if they don't really understand the risks.

Worse, they want to import the free-wheeling "Facebook generation" habits and new tech toys they have at home to the workplace, to the alarm of the corporate IT department. The fundamental problem, as always with security, is people. They just don't see why they can't use whatever method they like to "Get The Job Done(tm)". Anything that gets in the way of that or their monthly target or bonus is a matter of complete indifference to them. And why should it be any other way? Give people conflicting goals and they will choose the one that benefits them most.

People casually hand away large amounts of their personal data because it "gets their life done". Anything that saves a few minutes is highly valued; anything that takes extra time is ignored or worked around. The one thing you can be sure of in today's world is that people are not interested in waiting for anything or anyone for any reason.

That's the usability test security products and policies have to pass.