Subscribe

No digital transformation without sacrificing privacy

Kirsten Doyle
By Kirsten Doyle
Johannesburg, 04 Jan 2017

ITWeb Security Summit 2017

Registration is already open for the 2017 Security Summit, six international plenary speakers, #SS17HACK launch, four training courses to choose from, and much more. For the complete agenda, click here.

Cybersecurity and privacy have been around for some time, even before the hype around digital transformation began. Surprisingly, digital transformation has been well-received by the information security community as it provides an opportunity for information security and privacy professionals to gain a seat at the table.

So said Simphiwe Mayisela, group information security officer at IS, adding that as organisations across myriad industry verticals are realising the potential of cybersecurity to accelerate their transition to become digital businesses, the more information security professionals are engaging in business.

He says the fintech industry is leading the charge in this space. "Stripe is a good example of a fintech company that has leveraged new technology and innovation to disrupt the marketplace of traditional financial institutions. In about ten lines of code, Stripe allows its clients to conduct payment transactions online and through mobile apps in a simple and use-friendly manner while ensuring that the transactions remain robustly secure. In this digital era, cybersecurity has more or less become a switch that can be easily turned on and deployed across various cloud platforms."

It is Mayisela's view that digitisation has affected security and privacy in a very strong and positive way in that security is no longer seen as an inhibitor to business agility, but as a modus vivendi where security functionalities are entrenched within business processes. "Nowadays, there are numerous digital businesses that need to share their data with other digital businesses, for example, during mergers and acquisitions or partnerships to bring a new product to market, and cybersecurity provides that desired capability to exchange data quickly and securely."

Speaking of whether it is possible to have security without sacrificing privacy, he says when privacy is sacrificed, so is security. "Privacy and security do not sit on the opposite ends of a continuum - you don't have to accept less of one to get more of the other. However, when people are presented with a choice between privacy and security, they will often choose the latter. Security is essential for survival, hence it is listed as one of the fundamental requirements on Maslow's hierarchy of needs, but privacy is not. Privacy is only unique to humans. For instance, monkeys and other species don't care much about privacy. Privacy is a basic social need that only humans find it vital for their personal dignity and individuality."

On the other hand, Mayisela doesn't think it's possible to have digital transformation without sacrificing privacy. "Privacy in a digitisation era is only a myth. How does one maintain privacy in a world where everything and everyone is connected by technology designed to interconnect people, devices, activities, relationships, tastes and preferences?"

He quotes Scott McNealy, one of the directors of Sun Microsystems, who said at a press conference in 1999: "You have zero privacy anyway. Get over it!"

"With the growth in social media adoption as well as new norms with regard to social behaviour, the urge to keep things private is diminishing," he adds, saying that people are more inclined to disclose their secrets to digital applications than they are to disclose to actual people.

Simphiwe Mayisela, group information security officer at IS.
Simphiwe Mayisela, group information security officer at IS.

People will tell Google and other search engines what they are thinking without question. Mobile applications continually send out our GPS location, how long we spend there and which routes we take. "We relinquish this privacy by willingly giving consent to the terms and conditions for data collections. Very few people bother to read the terms and conditions of WhatsApp, for instance, before clicking on 'Agree' each time there's a software upgrade. An avert book reader on Amazon's Kindle application may not be aware that Amazon does not only know the title of the book you have purchased, but also how long you spend reading the book, how fast you read and whether you finish a book or not."

Quoting Andrew Lewis from Blue Beetle, he says: "If you are not paying for it, you're not the customer; you're the product being sold."

Ultimately, he says in exchange for the products and services offered by companies such as Facebook, Google, Apple and Uber, we are giving away our digital lives to them and deliver ourselves to the enigmatic protection they offer. "Imagine how many subscriptions you would see if a digital disruptor like Uber were to launch a service that delivers pharmaceutical medication directly to your doorstep. Such a convenient service entails people giving away their home address, medical aid details, medical scripts, medical history, and suchlike."

Mayisela will be presenting at the ITWeb Security Summit, to be held from 15 to 19 May, at Vodacom World in Midrand. His presentation will empower delegates to answer tough business questions such as how to adapt their security strategy for the digital future, how to ensure that their security innovation budget is used effectively, and how to remain competitive in the increasingly connected, digital marketplace, while maintaining a good security posture.