We live today in a "feudal security world", says internationally renowned security technologist Bruce Schneier.
We pledge our allegiance to the service providers -- the likes of Google, Facebook -- and expect them to provide us with security in return -- akin to serfs and peasants paying tribute to their lords in the form of personal data, says Schneier, the author of Liars and Outliers: Enabling the Trust Society Needs to Survive, and chief security technology officer at BT.
"What I am seeing is a shift in power on the internet, that we generally have less control over our IT infrastructure, our products, our user devices, our services." "We basically have to trust our vendors," he says. "We just don't have the ability to control security or configuration the way we did when we owned and controlled the platforms.
"This is very much a feudal model," he says, where users are "pledging their allegiance" to companies like Google with their data.
"They have our calendar, our address book. They have our photos. In return, we are expecting them to protect us." "In some ways, it is a dangerous model because Google really doesn't have a lot of interest in protecting us."
In his presentation last week at the RSA Conference in San Francisco, Schneier pointed out how, historically, "disruptive technologies" like the plough, gunpowder, printing press and radio have upset the power balance, and the internet is no exception.
"Entire industries disappeared," he says. "Remember travel agents, or video rental stores or bookstores?
"Different companies are gaining and losing power," he says. Before, people were worried about Microsoft as the "big company"; now their attention is on Amazon, Facebook and Apple.
Traditional models are now breaking because of the rise of devices like the iPhone and Kindle where the vendor controls the device more than you do, he says. At the same time, users of cloud services like Gmail or Flickr do not control the security in these services.
"You get what they provide, that is the new model of security. Someone else is taking care of it," says Schneier.
The tradeoff? "We give up some control and in return we get this very useful service. We have to trust our vendors will protect us, our data will be safe, that governments will not illegally spy on us." "This is our only option," he says. "This model is starting to permeate security today," he says. An advantage is that vendors are doing a better job at security, but a disadvantage is that you can't audit their security. "Once you pledge allegiance, it will be hard to undo that -- often you can't pull data out of these sites," he says.