The recent open letter to Google urging an improvement in security, particularly for Gmail, has received relatively little publicity. But it is gratifying that Google appears to be responsive (see Google responds to call for more security). This does not help with SPAM (but DNSSEC can be used to authenticate email and thereby effectively stop SPAM) but it does help protect data and identity information.
Lack of encryption and authentication have made malware a high growth criminal business, hackers are so successful at obtaining financial and identity data that prices for such data keep falling. The Related Articles and Related Links sidebars to the two SC Magazine articles I have linked above illustrate the problem.
Yet the fact that Google must be petitioned to help customers use its existing HTTPS tools (ones that Microsoft and others to not offer for email) indicates how little business seems to care about Internet security. Cloud computing puts your data into the Internet. One would think that encryption and authentication would be required to offer cloud based services to consumers and businesses. Yet cloud security seems to be an afterthought: See Cloud security concerns don't register with many businesses.
It's only a matter of time until we see more legislation and regulation unless business gets a clue on authentication and security.
Comments