Concerns about the safety of new services on the Internet are as much a part of our virtual life as the carefree spread of personal data on social networks. Obviously, the tension between the need for openness on the one hand and security on the other requires a new culture of privacy and trust on the Internet, and of course an appropriate political framework.

Since the combination of CRM with data from the social web is nowadays a key issue for future investments in virtually every industry, it can be expected that in the next few years a research team of CRM, social media and data protection experts will take care of the development of a software solution that bridges the current privacy dilemma. Just think about the Sphere Research Project that intends to find a solution for social CRM.

The fact is that we are forced to rebalance the relationship between freedom of information and privacy on the Internet, as a crisis of confidence in the Internet would dramatically worsen the entire climate of innovation. Internet users must find an adequate level of privacy, be able to evaluate risks properly and behave appropriately, while taking into consideration that ethics, legislation, the economy and technology continue to evolve constantly.

Unfortunately, the actual relevance of IT security is often only recognized when absent, although the industry is working hard nonstop to make the Internet more secure for users. As business processes and technologies become more and more complex, it becomes increasingly difficult to gain the users’ confidence and meet their expectations.

I mentioned in a previous article that the confidentiality, integrity and availability (CIA) triad is one of the core principles of information security, but I believe it is worth recalling its meaning again and again:

• Confidentiality refers to preventing the disclosure of information to unauthorized individuals or systems. It is usually enforced by encryption, by limiting the places where the information might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored. Confidentiality is necessary for maintaining the privacy of the people whose personal information is held by the system.

• Integrity in information security means maintaining and assuring the accuracy and consistency of data over its entire life-cycle, implying that data cannot be modified in an unauthorized or undetected manner. Information security systems typically provide message integrity in addition to data confidentiality.

• Availability is a must for any information system to serve its purpose when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly and be available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks.

That IT security is not a static but a highly dynamic process makes the issue more complex, since it depends heavily on technical developments. Of course, many protection mechanisms that fight known attacks are available on the market. Depending on the timeliness and completeness of the underlying virus lists, additional protection mechanisms, so-called anti-malware programs, are available as well, which search for Trojans or other malicious software and neutralize them. What all these solutions have in common is that they try to achieve confidentiality and integrity, either by transforming the content (encryption) or by preventing unauthorized access to information or resources. The basis for ensuring the confidentiality and integrity, but also the accountability, of information is cryptography and the mechanisms built on it: encryption of content, and the creation and verification of digital signatures.
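The two goals named above, confidentiality through transforming the content and integrity through detecting any unauthorized modification, are easy to conflate, so here is an added example (not from the original article) that separates them: encryption alone hides the content but lets a corrupted ciphertext decrypt silently to the wrong message, while a keyed integrity tag (HMAC) makes the modification detectable. The keystream construction, key sizes and the sample message are constructed for illustration only; it is not a production cipher.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output size


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream over SHA-256 (constructed for this example)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def protect(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Confidentiality (XOR with keystream) plus integrity (HMAC over nonce||ciphertext)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_only(enc_key: bytes, blob: bytes) -> bytes:
    """Confidentiality only: recovers whatever the ciphertext now encodes, tampered or not."""
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN]
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


def unprotect(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Verify the tag first; return None (integrity violation) instead of decrypting modified data."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return decrypt_only(enc_key, blob)


def corrupt_byte(blob: bytes, index: int) -> bytes:
    """Simulate a single corrupted ciphertext byte (transmission error or unauthorized edit)."""
    out = bytearray(blob)
    out[NONCE_LEN + index] ^= 0x01
    return bytes(out)
```

Decrypting a corrupted blob with `decrypt_only` yields a plausible but wrong message with no error; `unprotect` refuses it, which is exactly the "undetected modification" that the integrity requirement rules out.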

However, despite these and other protection mechanisms, not all attacks can be thoroughly and perfectly blocked. Thus, IT security is the ongoing process of exercising due care and due diligence to protect information and information systems from unauthorized access, misuse, disclosure, destruction, modification, disruption, or distribution.

It is a never-ending process that involves ongoing training, assessment, monitoring and review, since it is an indispensable part of all business operations across different domains. So it seems it will be a never-ending story of learning and trying to stay a step ahead of any criminal intention.

By Daniela La Marca