RSA 2014: Does Tight Security Threaten Privacy?

When network administrators tighten down on enterprise security, employees may feel like their privacy is being sacrificed —and the administrators themselves may feel like they have no choice but to monitor internal communications and transactions. 

But can you have a secure network without compromising privacy?

The answer, according to experts at the 2014 RSA Conference, is yes.

“There is no reason in the world you can’t have good security and protect privacy,” said Thad Allen, Booz Allen Hamilton’s executive vice president.  Allen cited IT’s ability to track data lineage and origin, and who has access to it as the reason why. “I think it’s entirely compatible to have increased security and privacy,” he said.

Jamie Brown, CA Technologies’ director of global government relations, feels that it wouldn’t be an issue at all if companies and governments incorporated privacy into their plans when developing security protocols.

“They should be keeping data protection and privacy in mind in that development process,” he said. “When you do that, as part of an effective cybersecurity development process, you’re going to be able to do both effectively. It isn’t one or the other. You can do both at the same time.“

Dan Lohrmann, Michigan’s chief security officer, agrees. He specifically cited the importance of maintaining privacy at the state and local level. A good privacy policy and good security policy go together for a local government tasked with protecting taxpayers at the ground level.

“The reality is that you don’t want breaches, obviously, but you also want to make sure that your privacy policies are being enforced with good security controls," he said. "And I think they really can be partners."

But perhaps the data security issue becomes less murky and confusing when people keep it simple. 

“At the end of the day, security is about making sure information is where you think it ought to be, and privacy is about keeping information where it’s supposed to be, so the objectives really are the same,” said Paul Kocher, president and chief scientist for Cryptography Research, a division of Rambus. “It’s really just a question of defining where that information belongs and who should have access to it, and then trying to build systems that map that intention into a reality.”


This is the fourth video in a series of five. Visit Govtech.com tomorrow for more highlights from RSA 2014.