In Security We Trust...

Posted on: July 17, 2009 by Abbas Shahim

Transport for London has recently started a trial to help soothe passengers as we cram together on the tube and try to remain terribly British about everything on our way to work each day. Tube drivers are quoting the words of Gandhi, Einstein, Jean-Paul Sartre and other great thinkers to help introduce some humour to the ups and downs of travelling on the tube.

Last week I had the good fortune to experience the test, and, as well as a pretty decent a cappella rendition of 'Bring me Sunshine' - which got the giggles going even with the most stoic in our carriage - we were also treated to the story of the Underground's first escalator. This was installed at Earl's Court and went operational in October 1911.

However, there was public fear and resistance to this new way of getting up and down, and so to show passengers how safe and easy the new escalators were, the clerk of works for the installation, 'Bumper' Harris, was employed to ride the escalator up and down each day to encourage people to use it. 'Bumper' had a wooden leg - with the idea being to show just how easy the escalator was to get on and off. Nevertheless, many passengers remained sceptical, believing they in fact knew how Bumper had got the wooden leg in the first place! On the other hand, the newspapers reported that some passengers were breaking their journey at Earl's Court just to ride the escalator.

Nearly 100 years on, the fundamentals in bringing change about in any business or societal system remain pretty much the same.

And it was with high interest that The Times recently reported that under a new Conservative government, Google or Microsoft could hold NHS patient data. The thinking is that patients will be given the option of moving their medical notes to private companies after the Conservatives said that they would replace "Labour's centrally determined and unresponsive national IT system". Predictably, this has raised issues of privacy and security, with MPs and health professionals warning it could hamper doctors' ability to access medical records quickly in an emergency.

Big 'P' politics aside, the political, emotional and rational battleground has been drawn for some time on the use of external services over the Web to provide reliable and secure services for mainstream public sector delivery. For the IT industry and specifically its security profession, the cloud and the Software as a Service debate thunders on.

Whichever side of the debate you are personally on, it seems hard to find a way to convince the other. No matter how many Bumper Harris's are on display using the new services, the evidence is used to reinforce the already held view.

There are, however, some trends where there is some consensus, and it is here where we might look first to find some common ground. Firstly, the world is becoming more and more connected. The UK itself, as part of its Digital Britain initiative, has recently defined a clear target to increase its citizens online from 65% to 80% of the population. Secondly, whichever way anyone looks at it, UK government needs to significantly cut cost in its service delivery. It might simply no longer be able to afford corporate IT delivery models, at least to the same degree as it has over the past decade.

And so the real question to my mind is, given we've had 50 years of experience of gaining trust (in the strengths and weaknesses) of corporate IT service and security, but only 5 years of experience of Web 2.0, how can we gain a majority of trust in the new security models of the Web - and how can we do so quickly?

In security we place our trust, and we need more consensus on the new security models of default and global connectivity in order to progress. The opportunities are significant. And the risk is that if we do not, the IT professional's view may well be bypassed.

About Abbas Shahim
Business & Management Consultant
Abbas Shahim is partner at Atos Consulting where he heads the international GRC practice. He is also full professor of IT Auditing and GRC at the VU University Amsterdam.
