Technology
The Intersection of Privacy, Security, And Function
Competing imperatives around privacy, convenience and the client experience will be something wealth managers increasingly have to grapple with as technology advances. Read on for a compelling analysis of the key issues at stake.
Dan Gregerson, Executive Chairman at Summitas, LLC, offers guidance to wealth managers struggling to balance privacy, security and functionality as they upgrade their technology stacks.
This piece forms part of this publication's new report "Technology Traps Wealth Managers Must Avoid 2022", published in partnership with EY, which is available for complimentary download now.
Your digital life is like a multicellular organism; it divides and proliferates across an ever-expanding lattice of data repositories, network connections, and software machines. The corporations and organizations, including governments that have access to your data, are growing in number, sophistication, and interconnectedness. Some systems piece together fragments of our activities to create staggeringly detailed maps of our proclivities, relationships, and deeds.
The internet is becoming an extension of us; its function brings much into our lives, but we often concede our privacy and security in exchange for the benefits we enjoy. Privacy is no longer something we can assume is our right, and we need to maintain it actively.
Perhaps you’ve heard of the searcher for truth who went to visit a sage in the Himalayas. Approaching her destination, a young monk met her at the edge of a crevasse, where he pointed to a basket that would carry her to the monastery on the other side. As she situated herself in the tiny transport, she noticed two severely frayed suspension ropes.
When she turned to the monk and asked, “How often do you replace the ropes?” his response was direct.
“Whenever they break!”
Had our protagonist been a technology executive, she would have asked a few more questions before risking life and limb.
Understanding the threat
Security threats should be easy to assess, and the consequences
of security breaches predictable. Unfortunately, they are
neither.
A data breach or system failure causes damage that experts cannot fully anticipate because the final tally in money and reputation will result from cascading events. For example, a botched public relations effort could damage the corporate brand and lead to public outcry that inspires the government to enact new regulations. In doing so, the regulators might inadvertently dampen growth, stifle competition, and slow innovation.
Believing is seeing. Investing in visibly functional solutions is more straightforward than in security protections against events that are difficult to assess and may never occur.
A shiny new app has obvious value, but it’s harder to get one’s head around investing in security infrastructure that’s hidden from view. Like a potential adverse credit event for the owner of a default swap, uncertainty of risk is a Sword of Damocles hanging over executives. We are often only vaguely aware of the probabilities and consequences of potential system breaches and failures, especially their downstream effects.
Avoiding speed bumps
Security architecture teams categorize the potential types of
attacks against internet-accessible systems, like B2B SaaS.
Experience tells them it’s wise to design those systems around a
robust security model rather than try to bolt one on
afterward.
One of the challenges for software developers and user experience designers is to find a balance that protects security and privacy without creating too many speed bumps for users just trying to get their work done. Great collaborations between engineers and designers result in elegant, functional solutions with strong but hidden defenses.
We all know that the best way to protect information is to encrypt it. Still, one of the reasons many corporate and government databases remain in plain text is that encryption makes queries and computation extremely difficult to implement.
For example, to perform a keyword search on an encrypted dataset, there are only a few options:
(1) decrypt the data first, then search, then
re-encrypt – an expensive solution in time and money for large
datasets that pose a risk of leakage while the plain text is
exposed, or
(2) index data before encrypting, then search
the index – a more manageable solution that limits search
functionality and risks data leakage via the index, or
(3) use “homomorphic” encryption that allows
queries and other types of computation on encrypted data – a
longtime goal currently hampered by slow performance and
questionable real-world cryptographic strength.
Regardless of one’s approach to improving the processing of encrypted data, the solution will demand specialized knowledge and a larger budget than routine database management.
Complexity is increasing.
Rich seams to mine
The data we care about is often in motion. It’s transiting the
internet between applications that need to talk to each other,
between service tiers in the same application, to and from
someone’s screen and keyboard, or between nodes in a satellite
constellation.
Repurposing data is now a thing. In 2020, YouTube contributors added an average of 30,000 minutes of video per minute. The original purpose of the content was to showcase individual creators and give them a voice. That’s still true, but YouTube videos are also a treasure trove for researchers studying computer face and object recognition, depth perception, and behavior.
Like most data, a YouTube video that’s not in motion is less valuable than one that is. Videos are valued when watched, and in general, information is useful when informing our thought and decisions.
Modern computing poses unique risks for people of wealth. Sophisticated cybercriminals prize their financial data, calendars, contacts, agreements, communication, and whereabouts, and guarding them is a service we can no longer ignore.
We are active participants in our connected, data-rich world. We use our internet devices to lock doors, stream music and video, check security camera footage, set temperature and lighting, and communicate with family, friends, and barely known social contacts.
Alexa and Siri are learning to handle more of our requests, and soon, our cars will be driving us to work and safely returning our kids from their high school proms, regardless of their state of inebriation.
The phones, laptops, and other devices we depend on record our preferences and track our health, movements, financial transactions, social circles, relationship status, income, education, media consumption, voices, schedules, interests, and political affiliations. Companies like Amazon, Apple, Facebook, Google, and Twitter are monetizing their knowledge of us and sharing it with advertisers, governments, affiliated service providers, and law enforcement.
If you’ve been to Shanghai or Beijing recently, cameras affixed to thousands of buildings, streetlights, and signs stream video and audio to AI systems that record your path, recognize your face, and learn your habits. That information is married to every financial transaction, search query, and message you author to assign a social score.
The dark side of competition
The world’s brightest engineers and researchers tend to
congregate in universities and high-tech R&D departments
where the focus is often innovation, not security. Industries
react to technological advancements by seeking ways to leverage
them before others do. It’s like the game of “hand slap,” where
the person attempting to strike the other’s fingers has a
first-mover advantage. R&D competition sometimes leads to
unintended consequences. The number of hacked cars, home video
cameras, etc., is correlated to how connected they are to the
Internet and how little the innovators thought through the
security implications of controlling someone’s steering, brakes,
or home surveillance systems.
If you are a searcher for truth, find out about the security, privacy, and data integrity of the systems protecting your clients and running your business. And before one rope frays and eventually, breaks, find out in advance that the second one will support you until you are safely across the chasm.
About Summitas
Award-winning Summitas
Platform® helps wealth managers enhance client engagement with an
unsurpassed combination of security, privacy, and flexibility.
Keep confidential information, financial documents, and
everything else clients need at their fingertips in an
easy-to-use portal that facilitates communication and
collaboration. Protect it all with controlled access and
cryptography. And maintain a consistent client experience
regardless of changes to back-end systems and third-party
software.