I believe everyone has a role to play and a responsibility to support steps for securing data. It is, after all, OUR information. To succeed, a data security revolution must be a community effort resulting in the development of an entire ecosystem, with standards, communication, and an open architecture.
Consumer demands bring attention to the problem and ultimately will drive features. Regulatory bodies, dare I submit, can enact requirements which mandate changes to technology capabilities. Hardware and firmware vendors are important in order to support new architectures. Data management and processing organizations must be on-board to insure interfaces and storage formats of data are compatible. Operating system and application writers are key players to utilize and enforce such controls at the host system and repository levels. They develop the products which engage the user.
The information security communities are the expert advocates. They must analyze the situation, stimulate conversations, guide changes, and engage in value assessment discussions to become the sharpened spearhead which leads the charge forward. Traditional and social news media should also contribute to overall education and public awareness. They must go beyond just reporting the breaches, failures, and losses. We are at risk of becoming numb at all the stories, without a meaningful reference point or perspectives of significance which show how the situation can change. The public must be better informed to the root problem, the industry opportunities, and the dark truth of where apathy will lead.
I would like to see a consortium formed with major players and international standards bodies to establish a framework for development. Government, privacy, commercial, academia, technology, and security representatives should be represented at the very least. Critical mass with the aforementioned groups must be established before enough traction motivates a commitment on behalf of lead players to allocate initial resources. Alternatively, assertive academic bodies could work together and take a first step by developing recommended standards, architectures, and proof-of-concept systems.
Although some pieces to the puzzle are out there, we don’t even know what the picture is supposed to look like and no guarantees the available parts will or should be brought together. Boldly, I believe we must enforce a tabula rasa to nurture a fresh start, otherwise risk poisoning from our natural presumptions of what we believe we know. It may not be the most popular sentiment, but adopting refined solutions and attempting to bolt them together is a mistake. Instead, we take the learned and proven principles of those solutions and integrate them at a strategic level to eventually lead us to workable end solutions.