Security in the sharing economy

Humans have been sharing goods, spaces and tools for millennia, probably since nomadic tribes extended their reach from the rift valleys of Southern Africa.

Long before we gained the ability to communicate across a distance, we had honed a straightforward technique to determine whether we could trust something or safely stay in a place: we would ask around, basing our decision on information from others.

Forward to the present day, we are inundated with the ability to consume a new breed of goods and services all by the simple touch of a digital screen.

Even more, the potential ways to create new, open-to-all business models based on the digital technologies now available is limitless.

The ‘sharing economy’ is represented by its two darlings: Uber for transport services and Airbnb for overnight stays. Each is calmly eating a global industry for lunch, sending tremors across established organisations and consortia.

>See also: AI and the sharing economy: how Expedia views the future of travel

As these new services are consumed, often overlooked is the fact that there is another sharing economy taking hold of personal lives and business worlds

Powered by this same technology revolution, consumers are sharing more information about themselves in order to access more convenient digital services, and businesses are increasingly using shared IT resources in the cloud to power the services they offer.

Sharing models of consumption have inherent risks for both consumers and suppliers, in that both sides have to trust each other.

Government-backed initiatives, such as the bicycle schemes popping up in cities across the globe, usually have built-in mechanisms to ensure all parties are protected.

But can the same be said for a startup that comes out of nowhere, enabling anyone to loan or buy almost anything to someone else?

People and businesses constantly think about risks and how they can be mitigated. That is, how to ensure that bad things don’t happen.

In the digital economy, the need to share data and establish trust is paramount – businesses need to ensure all parties are protected.

Central to these capabilities are how businesses protect the information upon which such services depend. Without it, the future of the digital economy will be in doubt.

Two types of information risk can be categorised – first and foremost, around data created and stored by shared economy services and their customers, and by the devices they use to connect to services.

Like it or not, companies are being powered more and more by shared IT resources from the likes of Google, Microsoft, Amazon and Salesforce.com.

In fact, more than one-third of all companies’ total IT requirements are met with cloud resources today. And nearly half of all company and customer data stored in the cloud is not controlled or managed by the corporate IT department.

Given the scale and distributed nature of sharing-based services, traditional approaches to security in which organisations try to build walls around their data and users have become invalid.

A far better, if less initially attractive, starting point is to assume a breach will take place at some point in the overall supply chain – inside a connected car for example, or to data stored in the cloud.

Indeed, the risks have increased because of people’s own, individual behaviours. Consumers are increasingly sharing personal information and consuming cloud-based resources to access free services that make their lives more convenient.

This is reflected in the number of online digital accounts consumers have, from banking and file sharing to social media. According to some recent studies, the average person has more than 25 online accounts.

People’s identities are everywhere. The simple fact is that most consumers do not understand that if the service is free, they are in fact the product themselves.

This brings us to the second category of risk, concerning information used to establish identity and build trust among ‘sharers’ – from ensuring a person, business or thing is who they say they are, to enabling others to rank their peers fairly.

This will become even more critical as the Internet of Things takes a larger role in people’s daily lives.

>See also: The evolution of the sharing economy

While we are currently faced with an explosion of personal data generated by sharing services, from a security perspective the mechanisms needed are well understood.

There is nothing new about the mechanisms that need to address such issues. The technical capabilities exist today. What is needed is a new mindset that involves, quite literally, thinking outside the box of our perimeter defences.

In this new digital world, the best way to protect identities and data privacy in a sharing economy is to attach security directly to the data and the users who access, share and consumer the information and online services.

The best way to protect data and identities is to encrypt them. This is why encryption is now so vital to trust and should not be meddled with or compromised in any way.

In China, the ancient principle of Guanxi refers to the way business is done, based on a shared understanding of a relationship built on trust.

It is a simple enough idea but its effect is profound, leading to the idea of a ‘Chinese contract’: an agreement which requires no paperwork due to the inherent trust shared by all parties.

 

Sourced from Olivier Piou, CEO, Gemalto

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Data