Skip Navigation
BlackBerry Blog

Respecting Privacy, Safeguarding Data, and Enabling Trust

NEWS / 01.27.16 / Malcolm Harkins

Trust is a function of two factors: competence and character. These attributes are demonstrated not only by us as individuals, but also by the organizations we belong to and represent.

It is important to note that competence is more than just having skills or knowledge. Competence requires the ability to execute - to deliver the promised result, with no compromises and no excuses. Character is all about the choices we make in our day-to-day lives, and the behaviors we exhibit as a result of those choices compounding over time. Abraham Lincoln once said, “Character is like a tree and reputation is like its shadow. The shadow is what we think of it; the tree is the real thing.” 

Why is this important when addressing cybersecurity? And why do these things matter now more than any other point in the history of computing?

In the past year, we have hit the tipping point where anything and everything with power is becoming IP addressable. Everything with the power of computing has started communicating. The fabric of everything we use in our daily lives is becoming ever more integrated with technology. Society’s well-being is increasingly dependent on vulnerable technology – which every day is being exploited to cause harm, either through intent by malicious threat actors/agents, or through mistakes made by the unintentional or uninformed actions of end users. 

Given the cycle of risk we’ve seen over the past several years and the potential catastrophic societal implications of an attack on critical infrastructure, we must all be ready to be held accountable. This may be a large mental shift for a population used to simply delegating responsibility (and subsequent blame) for a hack or data breach to the people who traditionally perform post-attack cleanup – the corporate IT departments, the internal information security team, or the investigations and computer forensics teams. We must all step back and contemplate our own personal responsibilities, not only to the organizations we work for and the customers we serve, but also to society as a whole.

For computing to continue to improve the world we live in rather than endangering it, it needs to be trustworthy. And for that trust to be deliverable, we need to ensure the data we enter into our computers is both secure and private. One of the more vexing challenges we face as an industry is the great debate between security and privacy. I have said many times in both public and private that many in the security industry are “color blind” or “tone deaf” to privacy. They think if you have security, you therefore have privacy. This couldn’t be further from the truth.

Imagine security and privacy as two magnets. When turned one way they are perfectly unified. We need (cyber) security in order to have (data) privacy, but if security goes too far or does not respect the core principles of privacy, security can in fact destroy privacy, and with it goes trust. Conversely, if privacy is less than practical or stays too ethereal or academic, it will not be grounded sufficiently in technological practicality to properly protect individuals. Privacy or security done wrong will stifle innovation and cause a stalemate in the very progress that was meant to enable us to freely use technology.

If either of these takes the wrong approach, it is like turning the two magnets so the polarity repels rather than attracts. In the latest 2016 ISACA Security Snapshot report, which surveyed over 3,000 IT and cybersecurity professionals worldwide, 55% of those surveyed reported that they believed privacy is being compromised for the sake of cybersecurity. Privacy and security are not values to balance or trade between each other. They are both vital values that we must always pursue in tandem.        

Introducing Data Privacy Day

Data Privacy Day (DPD) is an effort to empower people to protect their privacy, help control their digital footprint, and escalate the protection of privacy and data as everyone’s responsibility. Held annually on January 28th, Data Privacy Day aims to increase public awareness of privacy and data protection issues among consumers, organizations, and government officials.

I am proud to tell you Cylance understands the contours of the conversation that frames the security and privacy challenge. We have always pursued security and privacy in tandem, as two equally vital attributes. We deliver the real results and real trust that are so badly needed in the networked and connected world we live in today.

We demonstrate our competencies to deliver this trust in the design, functionality, and implementation of our flagship product CylancePROTECT®. As we demonstrate day after day on our Unbelievable Tour, CylancePROTECT works to prevent malicious code from ever executing. But unlike many of our competitors, we don’t “bulk collect” megabytes of data daily from the endpoints our products protect. We do not store and analyze customer data in ways that could compromise the end-user’s privacy, because our technology proactively prevents malicious code from ever executing without the need to create signatures or collect significant amounts of data to do behavioral analysis.

Cylance promises privacy by design not only in the architecture of our agent, but also in the secure controls deployed in our use of the cloud for the CylancePROTECT console.

As an organization, we demonstrate trust through the character we display in our approach to solving these cyber risk challenges. More importantly, since I have come to Cylance I can tell you I have seen consistently that both our management and our individual employees strive to do the right things for the right reasons, in both the personal choices we make and the trust we imbue in each of our products.

Breaking someone’s trust is like crumpling up a perfect piece of paper. You can work to smooth it over, but it will never be quite the same again. Trust can be fragile but it can also be durable. Cylance plans on being durable. Our goal is to continue to blaze the mission we have undertaken: protecting every endpoint on the planet. If we do this, we can help the entire technology industry enrich the lives of computer users worldwide, properly protecting them with both security and privacy.

And more importantly, we can rest assured that we can finally trust the technologies that have become so central to all of our lives.

Cylance can and will deliver unparalleled protection to endpoints. This will, in turn, generate durable trust in the technology the world uses every day. Why? So tomorrow is better than today. Because it is what we do. It is who we are.

Malcolm Harkins

About Malcolm Harkins

VP Chief Security & Trust Officer at Cylance

As the global CISO at Cylance, Malcolm Harkins is responsible for all aspects of information risk and security, security and privacy policy, and for peer outreach activities to drive improvement across the world in the understanding of cyber risks and best practices to manage and mitigate those risks. Previously, he was Vice President and Chief Security and Privacy Officer at Intel Corp. In that role, Harkins was responsible for managing the risk, controls, privacy, security and other related compliance activities for all of Intel's information assets, products and services.