We are t-minus 71 days to Brexit and the unknown looms with unpredictability. Will closed borders and pricey artichokes (fun fact: the UK imports 98% of its artichokes from the EU) shape the UK
The internet is global so whether countries build brick-and-mortar walls or place restrictions of human movement across geographic boundaries, information will continue to flow across our almost fully borderless digital world.
While governments can implement border controls and watchlists to monitor the movement of criminals who commit ‘physical’, non-digital crimes, cybercriminals can waft past these security mechanisms because cybersecurity needs different systems in place to manage digital misdemeanors. There are global standards for example, for money laundering, as well as human rights’ Standard Minimum Rules for the treatment of prisoners.
Whatever your stance on Brexit, in or out, the EU has provided its citizens with a set of standards by which we can travel, conduct trade and deem what level of carbon emissions are justifiable. The fundamental point of any type of standard is that it ensures consistency, sets the bar for what acceptable (if not necessarily ideal) looks like, and enables interoperability.
So when the internet emerged, the good and the great deemed it necessary for internet-governing standards to be levied, global standards that attempt to ensure your time online is as secure as possible.
Ubiquity of standards
Just as an individual in the UK, will search for a Gas Safe Registered tradesperson (previously CORGI) before commissioning gas-related work at their home, most government agencies will also expect a potential provider of IT supplies to comply with a list of accreditations and cyber security standards.
In our everyday lives, there are standards for drinking water, building, advertising, and organizations working in these industries will comply with the requirements if they’re to legally operate in the market. Similarly, in the digital world, standards such as Transport Layer Security (TLS) exists to ensure secure end-to-end communications (the only way that secure eCommerce exists today). Another well-known standard is the ISO 27001 specification which is part of a larger framework for information security management, that many credit with the world-wide improvement of organizational security and risk management.
The reason for these technical standards, as well consumer standards is that they provide the user of the service with a sense of assurance. You’re more likely to make a $100 purchase from a website that has an SSL certificate than not; as head of procurement for a financial institution, you’re more likely to partner with a supplier that is ISO 27001 accredited. These standards enable you to quickly identify which provider to use, helping to speed up the evaluation and purchasing processes.
Standards become standard practice
Clearly standards aren’t a new phenomenon, but the reason we’re talking about this today is that we’re seeing the pace of development of standards increase in the realm of cybersecurity. We’ve witnessed the list explode, from a handful of standards to a raft of them in just a few years (do CSP, DMARC, ARC, MTSC, Expect CT ring any bells?) because vendors are beginning to recognize that this has to be the future for global cybersecurity best practices.
Baking standards into technology solutions levels the playing field – it can make it easier to communicate with other solutions using the same standards as well as making it easier for your clients and prospects to shortlist you.
TLS only worked because all financial organizations agreed to use the protocol, so as more technical standards filter into the cybersecurity sphere, more vendors will need to adopt the standards in order to secure the (almost) borderless internet in which we work and play. We’re advocates of a standards-based security system as this not only helps to democratize cybersecurity solutions for all, rather than uphold a more money = better protection model, but it also indicates that the players in the industry are in fact contributing to safer online world.
If you have any questions about any of the security standards written above or other queries surrounding the technology, please get in contact with one of the Red Sift team!