Ambient Security

Writing about ambient devices and reading about Gartner Group's recommendation against investing in intrusion detection systems (IDS), I thought this might be a good time to talk about ambient security: protection that weaves into your daily life without being obtrusive.

Most of today's authentication technologies work like locked doors, and intrusion detection systems work like security guards laying traps, walking rounds, and examining logs. To enter a door, you open it with a key. The problem with this approach is that you have no idea who else might have entered through that door. Likewise, security guards have to guess whether someone who entered is an intruder or not. You are clueless and the security guards are balancing false alarms against security with guesswork, all because information is not shared between the two.

While I was working at Arcot Systems, I came up with novel ways (read: patent-pending) to solve these problems in both the real world and online. The core idea is to give users the ambient information (aka full-court awareness) necessary to actively participate in intrusion detection.

One application is to ambiently display login times and durations over the past seven days during entry or while inside the protected area. Users can usually remember the last seven days of their activities, so they can notice and flag suspicious activity.
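One way to build the seven-day login display described above, as an added example (not code from the original post or from Arcot Systems). The session tuples, function names and text-grid layout are assumptions, and the sample sessions are constructed.

```python
from datetime import date, datetime, timedelta

# Constructed sample sessions (login start, logout end) for one account.
SAMPLE_SESSIONS = [
    (datetime(2024, 3, 4, 9, 0), datetime(2024, 3, 4, 17, 30)),
    (datetime(2024, 3, 5, 22, 15), datetime(2024, 3, 6, 1, 10)),  # crosses midnight
    (datetime(2024, 3, 7, 3, 5), datetime(2024, 3, 7, 3, 40)),    # odd hour a user would notice
    (datetime(2024, 2, 20, 9, 0), datetime(2024, 2, 20, 10, 0)),  # older than the window
]

def activity_grid(sessions, now, days=7):
    """Return {date: 24-char string} with '#' for every hour that had logged-in time."""
    first = now.date() - timedelta(days=days - 1)
    grid = {first + timedelta(days=i): ["."] * 24 for i in range(days)}
    for start, end in sessions:
        end = min(end, now)  # a session that is still open is drawn up to now
        if start >= end:
            continue
        # Walk hour by hour so a session spanning midnight marks both days.
        cursor = start.replace(minute=0, second=0, microsecond=0)
        while cursor < end:
            if cursor.date() in grid:
                grid[cursor.date()][cursor.hour] = "#"
            cursor += timedelta(hours=1)
    return {day: "".join(cells) for day, cells in grid.items()}

def render(sessions, now, days=7):
    """Text block to show at login: one row per day, oldest first."""
    rows = ["hour      0     6     12    18"]
    for day, bar in sorted(activity_grid(sessions, now, days).items()):
        rows.append(f"{day:%a %m-%d} {bar}")
    return "\n".join(rows)

if __name__ == "__main__":
    print(render(SAMPLE_SESSIONS, datetime(2024, 3, 10, 12, 0)))
```

The 3 a.m. mark on the fourth row is the kind of entry the account owner can recognize or flag at a glance, which is information a guard reading the same log does not have.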

Another application, this time in the real world, is to print recent credit card purchase activity visually on credit card receipts so I can ask my wife as I sign the restaurant bill, "Honeybunny, did you go somewhere far and buy something expensive yesterday?"

People talk about the abundance of processing power at the edge, but very few realize that there is even greater processing power beyond the edge: humans. Tapping that potential is not easy and requires skills beyond cryptography or user interface design, but the potential ROI is huge in all aspects, including user confidence.

Update: In light of the ideas I presented here, Gartner's recommendation against IDS in favor of better firewalls seems pretty silly. I wonder how long Gartner will wait before advising against firewalls in favor of something else? Firewalls are like the guard at the gate and IDS is like the guard sitting in a room full of monitors. Both are working with limited information, which leaves a lot of room for infiltration.

For better security, everything and everyone involved must work together as a team. If you expect to get better security simply by getting an expensive box and flipping a switch, you've got a big problem no matter where you place the box.