The battle over privacy vs. security is a constant reminder of not just how far the Web has taken us, but how far we have to go to agree on its public usage. On one side you have an army of users who trust you — or aren't aware they are trusting you — with the sensitive information on their machines. On the other side is an ever-looming governmental presence, which seeks access to users' data in an effort to protect a much larger set of interests.
How are we to hold these two sides in perfect balance? Is there a perfect balance? Well, yes and no. Bear with me.
Do You Feel Lucky?
Well, do ya? While you may never know the full extent to which the government has "collected" private-sector information, it's a fair bet that the figure would be humbling. And whether or not you deem this practice justified, the rest of the workplace surely assumes that, with support's help, their private information remains just that. With this in mind, and setting aside the hands you can't slap away, it's a good idea to ask yourself: "Am I actively protecting staff's privacy?"
As you formulate a response, think about how your staff might react if they found out their privacy had been compromised. Would they — or more likely, their lawyer — see the security measures you do have in place and frown upon them? How about if your own privacy were on the line (and it is)?
Not Where, But How You Draw the Line
It's important to remember that the fine line you draw between privacy and security isn't universal. In fact, it often isn't even straight, according to Chris Ellis, former data security officer for a government security contractor and current consultant for all things cybersecurity.
"I think the concept of privacy is a very individual matter," Ellis suggests. "I've met people who wouldn't bat an eye at checking their bank account on a public computer. When I tell them how easy it can be for someone to steal that information, they'd just shrug it off. On the other extreme, one of my best friends insists on using the 'Incognito' tab [Chrome's private window] for every browsing session, even on his own devices."
These two archetypes obviously have different thresholds for privacy. It's ultimately up to the sysadmin to determine which concerns are valid — and to what extent — within the business despite what the government says it needs.
Transparent Policy, Not Security
Ellis' insight here applies to more aspects of your network than you may think. Rather than being a solitary decision based on a static environment, the solution to the privacy vs. security debate is an aggregate one. Unfortunately for the helpdesk, appeasing everyone's individual privacy concerns isn't a practical endeavor. Ellis insists, however, that a happy medium can be found when users are able to appreciate the fragility of online privacy.
"What I've come to find is that end users are most concerned with privacy when their information is in someone else's hands, even legitimately," he observes. "I'm always surprised to see how much more responsible users are with personal information when organizations are transparent about their security practices and inherent limitations."
At the end of the day, you can only provide the tools and environments that enable secure data storage and file transfer. As users begin to understand the parameters that separate their own privacy from a greater security standard, they're less likely to cry foul and more likely to embrace secure habits themselves. I don't know about you, but in my book that's a win-win.
Tell your users the risks, show them how they're protected and provide the tools necessary for them to make up the difference.