In a famous two-part episode of “Star Trek: The Next Generation,” Captain Jean-Luc Picard is captured by the Cardassians. During a pivotal scene, a Cardassian interrogator shows Picard four bright lights and demands that he “see” five lights. Picard resists, culminating with him shouting, “There are four lights!” When I hosted Tarah Wheeler on Afternoon Cyber Tea with Ann Johnson to talk about encryption, she shared this particular story about the Next Generation episode during our conversation because she believes it’s a good description of how we should think about encryption.
In addition to being a Star Trek fan, Tarah Wheeler is an accomplished information security researcher, political scientist, Fulbright Scholar, and author of the best-selling book “Women in Tech: Take Your Career to the Next Level with Practical Advice and Inspiring Stories.” Just as with that infamous episode, there’s no way to meet in the middle when it comes to encryption, according to Tarah. Encryption experts refuse to compromise because it simply isn’t possible when math is involved. Math can’t be half-implemented, and taking a backdoor approach to encryption doesn’t work. This can confuse people because protection and the right to data privacy are not fundamental opposites. Instead of having to choose one or the other, companies should balance the two, which achieves a better-than-zero-sum outcome.
Tarah has previously said that the right to private and encrypted communication is a fundamental right of humanity. She’s heartened by the change in the perception of cybersecurity, which is now considered one of the pillars of supporting a business rather than something you bolt on from the side. Cybersecurity is viewed as just as important—and necessary—as keeping the lights on and training employees. Keeping the company’s digital assets safe has become as necessary as those fundamental practices for a modern business, and cybersecurity is as valued as the Human Resources and Legal departments. Securing assets before an attack can occur has become the priority versus cleaning up after a cyberattack.
This shift toward viewing cybersecurity as a cost center has been one of the biggest changes in international business over the last few years. But Tarah characterizes that shift as reluctant and frustrated. That frustration isn’t always due to attitude; sometimes, it’s because of the difficulty in demonstrating the cost incentives of internally treating cybersecurity like a cost center. However, the money saved from effective risk management is changing that. Some of the most successful cybersecurity departments report up to Risk or Finance and not to Technology. The biggest corporate impact of international cybersecurity has been regulatory regimes like the General Data Protection Regulation (GDPR), the European Union law on data protection and privacy. The passage of GDPR was a big wake-up call for how the US conducted its affairs in corporations because many companies were stunned that compliance on requirements like data deletion would be enforced.
During our in-depth conversation, we also had the opportunity to explore the concept of “imposter syndrome” in the cybersecurity community, as well as the changing role of the Chief Information Security Officer in an organization. I invite you to listen to our discussion and learn more about this shift on Apple Podcasts or PodcastOne.
In this important cyber series, I talk with cybersecurity influencers about trends shaping the threat landscape and explore the risk and promise of systems powered by AI, IoT, and other emerging tech.
You can listen to Afternoon Cyber Tea with Ann Johnson on:
- Apple Podcasts: You can also download the episode by clicking the Episode Website link.
- PodcastOne: Includes the option to subscribe, so you’re notified as soon as new episodes are available.
- CISO Spotlight page: Listen alongside our CISO Spotlight episodes, where customers and security experts discuss similar topics such as Zero Trust, compliance, going passwordless, and more.
To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. Or reach out to me on LinkedIn or Twitter if you have guest or topic suggestions.