Cybersecurity continues to be a difficult challenge for many businesses this year – the first four months alone saw a staggering 400% increase in cyberattacks. This spike was in large part due to the discovery of security and privacy issues in large tech platforms and the widespread work-from-home mandates caused by the COVID-19 outbreak. To meet the ever-increasing challenge of cybercrime and rebuild user trust, tech companies will need to be built with a new standard that embraces a transparent and open source approach.
A rising security threat
The initial scramble to provide the right solutions for employees working remotely due to COVID-19 resulted in a massive spike in successful cyberattacks. Cybercrime saw a boom in business, and collaboration technology in particular played a major role in this. While these tools proved useful in keeping remote employees connected and productive, many were found to be lacking modern cybersecurity protocols, therefore jeopardizing the security and privacy of their users. Many popular platforms experienced an onslaught of security and privacy issues including hackers accessing video conferencing lines through brute force, improper encryption key storage, integrations creating security holes, and the undisclosed transfer of user data to third parties. Zoom even underwent a privacy lawsuit for allegedly illegally sharing personal data, and is currently being investigated by the New York Attorney General concerning its privacy practices. While these platforms have begun chipping away at blatant vulnerabilities and violations, it has clearly not been enough. Not only did the NSA release Collaboration Services for Telework guidelines that emphasize secure and trustworthy tools, but organizations have even gone so far as to ban the use of certain collaboration tools altogether.
Unfortunately, the issue of lax privacy and security practices extends beyond collaboration platforms. Almost every corner of tech is struggling to keep up with rising user expectations and definitions of what acceptable security and privacy looks like. Apple was one of many companies that introduced more security features to its platforms this year. However, like other tech platforms with chronic issues, the company’s historical missteps have made it hard for many people to trust its commitment to privacy. The same can undoubtedly be said for Twitter, Google, Microsoft, Amazon and so on.
How open source can help
In the past, vendors have not been entirely forthright about how platforms are built, what security measures are put in place and how user data is being routed or used. Now, as consumers and businesses become more wary of undisclosed data collection and security weaknesses, vendors are feeling the pressure to make big changes to how they do things. Because of this, the next big change (whether wanted or not) will emphasize hyper-transparency.
This is where open source comes in. The best approach to providing transparency on multiple levels is an open source framework. Open source demonstrates that a vendor is truly focused on taking a proactive and less opaque approach in sharing its security measures, allows for constructive criticism on how to improve, and enables third party auditing of the software. Let’s examine some of the security and privacy problems outlined in the previous section through the lens of open source.
1. Improper encryption key storage and undisclosed data transfers to third parties. Open source allows security firms and customers to “audit” software code, therefore giving them the opportunity to verify any claims made by the vendor. For example, if a vendor claims that encrypted keys only exist on user devices and are not stored anywhere else, a customer can then go and examine the software’s open source code to confirm this. Not only can users verify claims, they can also examine code to understand how the platform treats personal data, third party integrations, and anything else that may be a security risk. This is a way to get to the heart of customer concerns – a model of trust built on evidence and merit.
2. Chronic security issues. Open source makes it easier to leverage the wider developer community to uncover vulnerabilities, and also motivates companies to do their best, most thorough work. Think of the house you live in – if you know that your partner or mother-in-law will visit, your living space is likely to be cleaner and in better shape than when you are alone. Open source has a similar effect for companies. Because the work is shared transparently with the world, developers and the company at large are more likely to hold themselves to a higher standard (not to mention the ability to tap into the wealth of outside developers who may find security issues or solutions while sifting through the public code). All of this can directly translate to lower error rates (meaning a higher level of quality assurance) and a more efficient production process, leading to better and faster implementation. Open source companies can also prove more responsive to issues by showing how they are resolving vulnerabilities directly in their code.
Of course, open source is not a silver bullet. It is a fantastic tool for transparency, but it must be accompanied by other foundational changes. Vendors must focus on infrastructure changes that utilize the best security protocols (e.g. end-to-end encryption) and the best security and privacy methodologies (e.g. zero trust) to really stay ahead of the curve. Ultimately, tools that aren’t designed with core systems that prioritize security and privacy will struggle to keep up with the evolving landscape of cybercrime, and will not be able to maintain the trust of their users.
As businesses look toward the new world of remote and data-driven work, it is crucial that systems, infrastructure and tools can be trusted. There is a call to action from all sides – advocacy groups have started calling for vendors to put forth transparency reports, government regulations like CCPA and GDPR are beginning to enforce high levels of culpability, and customers are focusing on security, privacy and trust as deciding factors for their tech investments.
Companies that want to compete in this new world will need to adopt hyper-transparent practices and prove their claims through clear-cut actions. At a time when we’re relying more than ever on tech to transact, communicate and collaborate at the individual, team and organizational levels, open source provides the best avenue for everyone to have the in-depth and transparent understanding of their technology platforms that they want and deserve.