Over the past few years I’ve slowly whittled down the amount of stuff in my pockets through both low and high technology solutions. For instance, I use a “wallet” application on my iPhone that stores all of those annoying frequent shopper cards that used to pollute my key ring. Consequently, older styles of security such as hardware tokens adorning a keychain are also seen as antiquated and less-than-exciting. Us “Millennials” expect consolidation and convenience and resent needless gear that weigh us down if an app or a smart device can replace it.
Not long ago, password complexity was an exercise in interpretation, two-factor authentication was restricted to government and enterprise employees, and a digital wallet was a piece of science fiction. Now, with technologies like LastPass, Duo Security, and Coin, the expectation is that consumers have access to cutting-edge technologies providing new levels of security and convenience, all without adding anything to your wallet or keychain.
As bring your own device (BYOD) continues to become the new normal, my generation of employees don’t want to have to carry two phones, let alone a pager, two-factor token, or even a key that you have to insert into a door lock. The benefit here beyond minimalism is that as security becomes part of their daily life in a more familiar way, these same end-users will inherently be getting an unexpected education in security not only at work, but also by merely using social media.
We’ve seen a strong move, especially with Facebook, to provide users not only granular privacy controls but also a lot of account security features. From IP address logs, to trusted browsers, to two-factor authentication, social media is actually providing a great assistance to employers by teaching these end-users what important security controls are and how they work, even before they have their first day of enterprise orientation.
While many discussions on social media end up with talking about privacy, there is a much deeper reality that they’ve actually helped to expose millions of people not familiar with strong security controls to now find these options to be available and of value. If by the time students leave high school or college, they happen to know what two-factor authentication is due to Facebook or Twitter, no longer is that as much of a hurdle for organizations to train and educate their staff on the necessity of this control.
While the dramatic increase of technology usage over the past few years has put the average end-user in much more danger, we’ve also been able to acquaint people to a world of security much further than just anti-virus and firewalls. The subtle education and end-user familiarization of these methods of consumer-centric security ultimately may help organizations implement these features enterprise-wide with less training and frustration that could be a big win for sustainable information security long term. Security education and acceptance, after all, will likely do more for enterprise security than any single network appliance they could install.
Mark Stanislav | Duo Security | @markstanislav
Bio: Mark Stanislav is the Security Evangelist for Duo Security, an Ann Arbor, Michigan-based start-up focused on two-factor authentication and mobile security. With a career spanning over a decade, Mark has worked within small business, academia, start-up, and corporate environments, primarily focused on Linux architecture, information security, and web application development.
Mark earned his Bachelor of Science Degree in Networking & IT Administration and his Master of Science Degree in Technology Studies, focused on Information Assurance, both from Eastern Michigan University. During his time at EMU, Mark built the curriculum for two courses focused on Linux administration and taught as an Adjunct Lecturer for two years. Mark holds CISSP, Security+, Linux+, and CCSK certifications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.