CWHK: So with the younger generation today seemingly more trusting in their behavior online, does that make them inherently less secure?
BS: Certainly today's generation seem to be more trusting but I think it's not that they trust more, I think they simply care less. The things that may freak me or you out may not necessarily bother them. But that doesn't mean they are less secure as a result -- they just have different rules. Again these are all social constructs which each person creates for themselves
CWHK: So for CIOs today the new generation should not pose any new security risks?
BS: Just because they care less does not mean they will be less secure. While young people on the Internet do act very differently to past generations, I have found them to be very sensitive to privacy. They probably do a lot of things that we might not even consider to preserve our privacy.
Historically we are used to the model where keeping something private was cheap and it was the default way of doing things. To make something public was expensive and not easy as you needed a media of some sort to spread the message. Today that's reversed.
Today making something public is the norm and it's cheap--keeping things private is expensive and difficult. Young people are accustomed to living their lives in public and it's normal to be constantly scrutinized. You get dumped on Twitter twice and you soon don't feel so bad about it. For me and you it's likely a horrible prospect.
CWHK: What is creating the greatest complexity today and therefore causing greatest security headaches?
BS: So today I see two key things happening and both involve loss of control--first around the devices and end-points we use, second it's around control of data. With devices today, the user has much less control over the devices we use. You can't buy a firewall for your iPhone, or buy software that will help securely erase data from an iPhone or a Windows Phone.
These systems are all closed, where updates and new software upgrades happen automatically without your input.
We can lose these devices and at the push of a button have everything appear like magic back on the new device. The downside is that there is a lot less security under my control and I have to trust the device makers and the software providers to ensure this is all protected.
Then there is the data. All data is increasingly moving to the cloud with Google, Facebook, Linkedin, you now have address books, documents and images all on the cloud. We have no visibility or control over how this data is being managed, processed, stored or manipulated. We don't know what OS Facebook is using or what they have in place to secure their system -- and in reality we don't care.
Sign up for CIO Asia eNewsletters.