Last night I stayed in a hotel that uses a sensor to switch on the bathroom light. This morning, halfway through my shower, the lights went out. It seems the movement sensor does not cover the shower cubicle. Standing there in the dark, I was pleased I had entered the rinse cycle and so did not have to apply any great skill to complete the shower in the dark.
In the darkness, my thoughts set off in all directions. Was this a deliberate ploy by the hotel to let guests know that they had exceeded the standard time for showering? Did the strategy of using sensors actually save money? In an automated world would resources be shared using robotic processes based on standard performance times? Would the bathroom sensor be better served using sound rather than movement, a simple clap switching the lights back on? Better yet with voice could I have summoned Alexa to switch back on the lights?
On reflection, the use of sensors, whether a pretty dumb one like this one or a more “intelligent” one as envisaged by the internet of things, relies on an element of trust. This applies to IT more generally – the more networked we are the more we are making trust choices, many of them without any thought at all.
Convenience versus security
To establish trust we generally do some due diligence. This does take time and often we will skip this in exchange for convenience.
In the most networked of environments, like the internet, how many of us actually read documents like privacy statements and the terms of use of a website before proceeding? The speed of interaction using mouse clicks is often not going to be hampered by such formalities. I’m sure most of us do this on a risk-adjusted basis. We would not, for example, file particularly sensitive information on a site without some level of due diligence beyond clicking yes.
In the workplace, our trust is perhaps more guarded than at home, particularly when using the internet. However, this is less so behind closed doors and the company firewall. We tend to trust that whoever set up the file folder structure on our shared drives, or our applications, has set up the right permissions. Though it may be possible with some effort to find out who these access rights have been granted to, we generally find it more convenient just to hit file and save.
Most people have had an unfortunate experience with filing documents in a location that they thought was “secure”, only to find it was shared with a wider audience than intended. I still recall today an incident from the 1990’s when I worked for a multinational in the USA where the head office had set up a network for the US operations. I, based in Boston, had filed our management reports, only to find that a colleague from an unrelated subsidiary in San Francisco had enjoyed them as his breakfast reading that same morning. He called me to share his thoughts on them.
In the battle between convenience and security, the former is often the winner. Seldom is anyone made a hero for making a system more secure but slower.
We want both convenience and security.
Out of the darkness
Wouldn’t it be nice to have a button we could press that told us who would be able to access the document as we filed it? We would not have to use the button every time we filed something but it would always be there if we had a concern.
Before we release new versions of our Invu document management system, we live test them internally. Our latest release has a ‘GDPR’ button. This allows me to see who can access the documents in the locations I am filing them. The first time I used the button it provided some visibility that made me feel like I had previously been working in the dark. The good news is that permissions can easily be reset and with the audit trail provided in the software we can easily see who has accessed each of the documents. In this particular case, no harm done.