As the data environment (and the technology on which it is based) becomes more complex and touches increasing spheres of life, issues relating to online security become increasingly numerous and significant.
In areas of the debate revolving around online security, there is a tendency to take technology as the start point for problem definition and thus for defining an end solution.
However, behind the data infrastructures, software and hardware on which solutions tend to be based, are the end users who operate the systems. In fact, it is often these individuals who are simultaneously the cause of the isolated problem and intended beneficiaries of the solution.
Accordingly, a significant factor in the success of any online security innovation will be the perception and behavior of the individual using it, not only in relation to the technology itself but also in relation to the data environment in which it will be used. It is, for example, possible to develop a failsafe system which will be utterly ineffectual if the individual either cannot use it or does not understand the context in which data flows or can be used.
However, understanding of how end users understand and approach technology or the online environment and conceive of the data flows, relationships, infrastructures and potential they represent is conspicuously lacking. This tends to be replaced rather by superficial assumptions as to what ‘the end user’ wants or needs.
In fact, it is apparent that the average end user has a limited model for conception of the online environment, or the technology involved, and thus has limited comprehension as to the consequences or potential of handling data. Accordingly they also have a limited template for regulating behaviour in a security concious fashion, regardless of the technology made available.
As the success of any online security enterprise depends on a combination of system efficiency and end user comprehension, a bias toward considering technological problem definitions and solutions thus fails to address the issue holistically. As online interaction becomes increasingly important, the ambit and relevance of the idea of online security expands, beyond the traditional concept of businesses or individuals protecting and controlling their own data, to a concept with relevance to the integrity of an aspect of social infrastructure. The lack of focus on the end user is thus an issue that must be addressed.