Security buzzwords to avoid and what to say instead

Technology is a little famous for coming up with “buzzwords.” Other industries do it, too, of course. “Story-driven” and “rules light” tabletop games are a big thing right now, and “deconstructed” burgers and burritos are a big deal in fine dining. The problem with buzzwords in tech, though, is that they can actually affect your life. When somebody calls an application “secure” to persuade you to use their product, there’s an implicit promise being made. “Secure” must mean that something’s secure. It’s safe for you to use and trust. The problem is, the word “secure” can actually refer to any number of things, and the tech industry often uses it as such a general term that it becomes meaningless.

Because “secure” can mean both so much and so little, it’s important to use the word “secure” carefully. In fact, it’s often best not to use the word at all, and instead, just say what you actually mean.

When “secure” means encrypted

Sometimes “secure” is imprecise shorthand for encrypted. In this context, “secure” refers to a degree of difficulty for outside observers to eavesdrop on your data.

Don’t say this: “This website is resilient and secure.”

That sounds pretty good! You’re probably imagining a website that has several options for 2-factor authentication, zero-knowledge data storage, and steadfast anonymity policies.

Say this instead: “This website has a 99% uptime guarantee, and its traffic is encrypted and verifiable with SSL.”

Not only is the intent of the promise clear now, it also explains how “secure” is achieved (it uses SSL) and what the scope of “secure” is.

Note that there is explicitly no promise here about privacy or anonymity.

When “secure” means restricted access

Sometimes the term “secure” refers to application or device access. Without clarification, “secure” could mean anything from the ineffective security by obscurity model, to a simple htaccess password, to biometric scanners.

Don’t say this: “We’ve secured the system for your protection.”

Say this instead: “Our system uses 2-factor authentication.”

When “secure” means data storage

The term “secure” can also refer to the way your data is stored on a server or a device.

Don’t say this: “This device stores your data with security in mind.”

Say this instead: “This device uses full disk encryption to protect your data.”

When remote storage is involved, “secure” may instead refer to who has access to stored data.

Don’t say this: “Your data is secure.”

Say this instead: “Your data is encrypted using PGP, and only you have the private key.”

When “secure” means privacy

These days, the term “privacy” is almost as broad and imprecise as “security.” On one hand, you might think that “secure” must mean “private,” but that’s true only when “secure” has been defined. Is something private because it has a password barrier to entry? Or is something private because it has been encrypted and only you have the keys? Or is it private because the vendor storing your data knows nothing about you (aside from an IP address)? It’s not enough to declare “privacy” any more than it is to declare “security” without qualification.

Don’t say this: “Your data is secure with us.”

Say this instead: “Your data is encrypted with PGP, and only you have the private key. We require no personal data from you, and can only identify you by your IP address.”

Some sites make claims about how long IP addresses are retained in logs, and promises about never surrendering data to authorities without warrants, and so on. Those are beyond the scope of technological “security,” and have everything to do with trust, so don’t confuse them for technical specifications.

Say what you mean

Technology is a complex topic with a lot of potential for confusion. Communication is important, and while shorthand and jargon can be useful in some settings, generally it’s better to be precise. When you’re proud of the “security” of your project, don’t generalize it with a broad term. Make it clear to others what you’re doing to protect your users, and make it equally clear what you consider out of scope, and communicate these things often. “Security” is a great feature, but it’s a broad one, so don’t be afraid to brag about the specifics.
