Closing the Back Door:
Responding to the Whisper Campaign
By
JD Sherry
The Information Technology (IT) industry is a huge economic driver for the world economy. Purchasing products and solutions are based not only on superior technology, but also whether you have trust and confidence in a vendor.
There’s no doubt that the ongoing whispering campaign of possible trust concerns around US-based companies and the National Security Agency (NSA) is taking its toll. For months there have been claims of unauthorized access to cloud-based data, purposefully weakened (and possibly compromised) encryption keys, and even back doors in hardware and software of US-based companies. The impact of this is that Forrester has claimed that the loss for US-based IT Service Providers in overall revenue due to the highly publicized Prism Scandal could be US$180 Billion or 25 percent by 2016.
While US-based companies and the NSA have dominated the news cycle around these concerns, Vodaphone’s report of government surveillance, including some governments having direct access to telecommunications traffic makes clear this is really a global issue. It raises questions for companies around the world who work in conjunction with governments globally.
With massive amounts of revenue at stake, you would expect that companies would be doing all they can to get in front of the issue, and for customers to confront and dispel those well-placed concerns. But that’s not happening. Actually, it’s the opposite. There are more scandals and more leaks, and no official response from the many global players.
The latest chapter in this saga is a claim that the largest security software company has been accused by China of having back doors in one of their major products. The reports go on to say that the Chinese government is banning the use of some of this company’s offerings. It’s not clear if the claims are true or not, and that’s part of the problem. With one exception, companies are being silent about these accusations, neither confirming nor denying them. This leaves their customers to speculate fact or fiction. Naturally, that’s leading their customers to assume the worst, which is a negative for both.
The notable (and praiseworthy) exception to this is Cisco. In May this year, John Chambers from Cisco stepped up and wrote an open letter to President Obama about how the NSA tampers with Cisco equipment before it is ships overseas. Granted it was after leaks, but still, bravo! This is what the IT industry should do! Be brave and be honest. Don’t be silent, and don’t try to hold back information.
In October 2013, after the Prism Scandal, the EFF and Bits of Freedom asked the IT security vendors to reply to simple questions regarding requests from governments – only a handful of companies responded. Trend Micro did. You can read our reply where Raimund Genes, Chief Technology Officer, states unequivocally that we have not and would not comply with such a request.
Trend Micro is truly a global company. Our sole focus is to protect all of our customers around the world from all threats, whatever they may be and wherever they may be coming from. Yes we work with governments and law enforcement, but always in service of protecting you, our customer.
This is an issue where there should be no competition. All companies should share this same, clear focus of putting the customer first. One way to do that is through transparency and honesty. It’s late, but not too late for those who have not addressed this head-on: respond to the EFF and Bits of Freedom request. If you have been asked by any government to insert back doors – talk with them – and remove them. Through your words and actions, stand with your peers around the world and take a clear stand putting customers first above all else.
JD Sherry is Director of Public Technology and Solutions for Trend Micro. He is responsible for providing guidance and awareness regarding Trend Micro’s entire security portfolio aimed at protecting both commercial and government cloud ecosystems. Well-versed in enterprise and data center architecture, Mr. Sherry has successfully implemented large-scale public, private and hybrid clouds leveraging the latest in virtualization technologies. Over the last seven years, he has established himself as a trusted senior advisor for the protection of Payment Card Industry (PCI), Health Information Privacy Act (HIPAA) and Personally Identifiable Information (PII) data. Mr. Sherry also has an extensive background in developing and bringing to market mobility platforms and applications. JD has spent the last 10 years in senior IT leadership roles.