The Intersection of Privacy, Security, And Function

Dan Gregerson Summitas LLC Executive Chairman Charlotte North Carolina March 30, 2022

The Intersection of Privacy, Security, And Function

Competing imperatives around privacy, convenience and the client experience will be something wealth managers increasingly have to grapple with as technology advances. Read on for a compelling analysis of the key issues at stake.

Dan Gregerson, Executive Chairman at Summitas, LLC, offers guidance to wealth managers struggling to balance privacy, security and functionality as they upgrade their technology stacks.

This piece forms part of this publication's new report "Technology Traps Wealth Managers Must Avoid 2022", published in partnership with EY, which is available for complimentary download now.

Your digital life is like a multicellular organism; it divides and proliferates across an ever-expanding lattice of data repositories, network connections, and software machines. The corporations and organizations, including governments that have access to your data, are growing in number, sophistication, and interconnectedness. Some systems piece together fragments of our activities to create staggeringly detailed maps of our proclivities, relationships, and deeds.

The internet is becoming an extension of us; its function brings much into our lives, but we often concede our privacy and security in exchange for the benefits we enjoy. Privacy is no longer something we can assume is our right, and we need to maintain it actively.

Perhaps you’ve heard of the searcher for truth who went to visit a sage in the Himalayas. Approaching her destination, a young monk met her at the edge of a crevasse, where he pointed to a basket that would carry her to the monastery on the other side. As she situated herself in the tiny transport, she noticed two severely frayed suspension ropes.

When she turned to the monk and asked, “How often do you replace the ropes?” his response was direct. 

“Whenever they break!”

Had our protagonist been a technology executive, she would have asked a few more questions before risking life and limb. 

Understanding the threat  
Security threats should be easy to assess, and the consequences of security breaches predictable. Unfortunately, they are neither. 

A data breach or system failure causes damage that experts cannot fully anticipate because the final tally in money and reputation will result from cascading events. For example, a botched public relations effort could damage the corporate brand and lead to public outcry that inspires the government to enact new regulations. In doing so, the regulators might inadvertently dampen growth, stifle competition, and slow innovation. 

Believing is seeing. Investing in visibly functional solutions is more straightforward than in security protections against events that are difficult to assess and may never occur.

A shiny new app has obvious value, but it’s harder to get one’s head around investing in security infrastructure that’s hidden from view. Like a potential adverse credit event for the owner of a default swap, uncertainty of risk is a Sword of Damocles hanging over executives. We are often only vaguely aware of the probabilities and consequences of potential system breaches and failures, especially their downstream effects. 

Avoiding speed bumps  
Security architecture teams categorize the potential types of attacks against internet-accessible systems, like B2B SaaS. Experience tells them it’s wise to design those systems around a robust security model rather than try to bolt one on afterward. 

One of the challenges for software developers and user experience designers is to find a balance that protects security and privacy without creating too many speed bumps for users just trying to get their work done. Great collaborations between engineers and designers result in elegant, functional solutions with strong but hidden defenses.

We all know that the best way to protect information is to encrypt it. Still, one of the reasons many corporate and government databases remain in plain text is that encryption makes queries and computation extremely difficult to implement. 

For example, to perform a keyword search on an encrypted dataset, there are only a few options:

(1)    decrypt the data first, then search, then re-encrypt – an expensive solution in time and money for large datasets that pose a risk of leakage while the plain text is exposed, or 
(2)    index data before encrypting, then search the index – a more manageable solution that limits search functionality and risks data leakage via the index, or 
(3)    use “homomorphic” encryption that allows queries and other types of computation on encrypted data – a longtime goal currently hampered by slow performance and questionable real-world cryptographic strength.

Regardless of one’s approach to improving the processing of encrypted data, the solution will demand specialized knowledge and a larger budget than routine database management.

Complexity is increasing.

Rich seams to mine  
The data we care about is often in motion. It’s transiting the internet between applications that need to talk to each other, between service tiers in the same application, to and from someone’s screen and keyboard, or between nodes in a satellite constellation.

Repurposing data is now a thing. In 2020, YouTube contributors added an average of 30,000 minutes of video per minute. The original purpose of the content was to showcase individual creators and give them a voice. That’s still true, but YouTube videos are also a treasure trove for researchers studying computer face and object recognition, depth perception, and behavior.

Like most data, a YouTube video that’s not in motion is less valuable than one that is. Videos are valued when watched, and in general, information is useful when informing our thought and decisions.

Modern computing poses unique risks for people of wealth. Sophisticated cybercriminals prize their financial data, calendars, contacts, agreements, communication, and whereabouts, and guarding them is a service we can no longer ignore.

We are active participants in our connected, data-rich world. We use our internet devices to lock doors, stream music and video, check security camera footage, set temperature and lighting, and communicate with family, friends, and barely known social contacts. 

Alexa and Siri are learning to handle more of our requests, and soon, our cars will be driving us to work and safely returning our kids from their high school proms, regardless of their state of inebriation. 

The phones, laptops, and other devices we depend on record our preferences and track our health, movements, financial transactions, social circles, relationship status, income, education, media consumption, voices, schedules, interests, and political affiliations. Companies like Amazon, Apple, Facebook, Google, and Twitter are monetizing their knowledge of us and sharing it with advertisers, governments, affiliated service providers, and law enforcement.

If you’ve been to Shanghai or Beijing recently, cameras affixed to thousands of buildings, streetlights, and signs stream video and audio to AI systems that record your path, recognize your face, and learn your habits. That information is married to every financial transaction, search query, and message you author to assign a social score.

The dark side of competition    
The world’s brightest engineers and researchers tend to congregate in universities and high-tech R&D departments where the focus is often innovation, not security. Industries react to technological advancements by seeking ways to leverage them before others do. It’s like the game of “hand slap,” where the person attempting to strike the other’s fingers has a first-mover advantage. R&D competition sometimes leads to unintended consequences. The number of hacked cars, home video cameras, etc., is correlated to how connected they are to the Internet and how little the innovators thought through the security implications of controlling someone’s steering, brakes, or home surveillance systems. 

If you are a searcher for truth, find out about the security, privacy, and data integrity of the systems protecting your clients and running your business. And before one rope frays and eventually, breaks, find out in advance that the second one will support you until you are safely across the chasm.

About Summitas  
Award-winning Summitas Platform® helps wealth managers enhance client engagement with an unsurpassed combination of security, privacy, and flexibility. Keep confidential information, financial documents, and everything else clients need at their fingertips in an easy-to-use portal that facilitates communication and collaboration. Protect it all with controlled access and cryptography. And maintain a consistent client experience regardless of changes to back-end systems and third-party software. 

Register for FamilyWealthReport today

Gain access to regular and exclusive research on the global wealth management sector along with the opportunity to attend industry events such as exclusive invites to Breakfast Briefings and Summits in the major wealth management centres and industry leading awards programmes