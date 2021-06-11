By Uri Bar-El, Senior Vice President, Global Head of Cyber Security Practice, Qualitest Group

The recent web outages experienced by millions of users this week served as an unfortunate reminder of a key aspect of quality and security alike: our massive dependency on the functionality and availability of digital services. Issues with the content delivery network at Fastly, a cloud computing services firm, had repercussions across major websites, including Amazon, The Guardian, Reddit, and even official British government sites.

The bug that caused the outage was buried in a software update and had gone unnoticed during pre-release testing. The flaw allowed a single customer to change a setting that affected the entire network across the world. This is an extreme example of the butterfly effect writ large over our highly-connected digital ecosystem.

Cybersecurity is not just a data protection issue

Discussions around digital security focus primarily on maintaining data confidentiality, overlooking the equally important facet that our daily lives are now almost fully dependent on the availability of our online services. This includes normal, day-to-day activities -- from streaming or reading our favorite content, communicating with our friends and family, and checking our bank account.

While most consumers can “survive” (and, some might argue, thrive) without these services for short periods, outages are disruptive and cannot be allowed to become regular events. Outages like this cause economic damage to small and medium-sized businesses that sell products on Amazon, for example. According to Oberlo, more than 4000 items per minute are sold on the platform by SMBs in the U.S. alone. An outage of 60 minutes translates to loss of more than 240,000 product sales in the U.S. if those customers jump to another platform to make their purchases.

In an ever more crowded marketplace for products and services, quality has become increasingly important to consumers, so it has become a key interest and concern of service providers and manufacturers. Nowadays, quality and security cannot be separate topics. After all, what service can be considered of good quality if it is not secured and if people cannot rely on these services to be there when they are needed?

Who is responsible for security?

With quality and security being in such high demand from consumers, security has become a business issue, rather than just an IT-related risk. Therefore, discussions about IT have leapt from the basement to the boardroom. One key question is, “Are enough service providers accepting the importance of quality and security?”

While the answer to that question is debatable, it leads to another equally important question, raised specifically in regards to the recent outage due to the Fastly bug: “Who is responsible for implementing security throughout the services that surround us?” There are three potential answers.

Consumers: Is it the responsibility of consumers to consume these services securely? Should they shoulder the blame when something they do online leads to a platform-wide problem?

Service Providers: Is it the responsibility of the service providers to ensure their services are at the level of quality that consumers expect them to be? Is offering a good quality service enough in the current digital space?

Governments: Or is it the role of governments and regulatory institutions to set the rules for how service providers should deliver their services?

The answer is a combination of all three. Consumers need to acknowledge that the services they consume are never free (data and privacy rights are a type of currency), and therefore, they have the right to demand quality and security as inherent “functionalities” of digital products and services. It is also the role of the service providers to ensure they honestly deliver on their promises, and that they understand and respect the impact a breach in confidentiality or in the availability of their services has on consumers. Finally, it’s also the role of governments to catch up with technology and implement legally binding frameworks to support these justified demands for quality and security.

Improved quality means improved security

As consumers work together with service providers and governments to assure the quality of the interconnected digital ecosystem, security will improve as well. Conversations about security must no longer be seen as relegated to IT -- they are issues that affect the bottom line of businesses and the day-to-day functions of governments.

Quality and security are inseparable, and it will take the efforts of everyone to make sure that “good” is never “good enough” when it comes to achieving sustainable stability for the global economy.

About Uri

Uri Bar-El is Senior Vice President and Global Head of Cyber Security Practice at Qualitest Group. He has been working in the cyber security field for over 20 years. As a security veteran, he is a highly respected authority on the subject around the world, with unique access to the thriving Israeli cyber tech and skills hub. Uri is a world-renowned and often-quoted expert and advisor to CXOs on cyber strategy and execution. He is a former Managing Director of Comsec, a leading London-based global cyber security firm, and has also built several security practices for Fortune 100 brands.

