As with many other things in life, you can imagine internet technology as a giant pendulum that swings back and forth between multiple trends over the years. First, we had the web’s openness, where everyone was friendly and trying to make networks and information reach as far and as wide as possible. The whole internet was built to expand communication, exchange information, and make things more open. Then over the years came the businesses, which used that openness to gain more leverage and grow bigger. Those businesses were trying to out-compete each other and liked to keep things closed for “business advantage,” and so the era of closedness and opaqueness started. But like most pendulums, it swings back, and now we’re getting back into the era of transparency and openness once again.
With today’s security requirements, increased reliance on technology, and the need for information security to keep us all safe, transparency is making a big comeback. In general, security gets a lot better when it’s transparent, especially when it comes to processes and protocols, since then everyone can participate. Security is not the only area affected by the need for transparency this time. In our current state of increased remote work across multiple industries, we see transparency as a big booster. It helps teams perform better and be more effective in their jobs.
Nearly all aspects of security can benefit from openness and transparency, contrary to previous beliefs. From disclosure to the protocols themselves, the more open we are, the stronger those systems will become. The reason for this is simple math: the more researchers you get to look at a code base or protocol, the higher the chance they will find vulnerabilities. One of the biggest reasons for this is that it’s nearly impossible to find the problems in your own code because of bias, immersion, and how our minds work. It’s the same with finding typos in our writing; it’s hard because our mind often reads what it thinks we wrote, not the actual words. That’s why external programmers or people less immersed in the code will usually have a wildly different point of view and find new possible issues. That can also work on other levels: sometimes just the tools used or the angle someone takes while researching might yield new holes and problems. That’s why diversity is crucial to this line of work.
That sort of diverse perspective and research is especially crucial for core parts of the internet’s infrastructure and our technological lives. Protocols like WiFi, LTE, 5G, and Bluetooth need to be as bulletproof as we can make them, since they’re the backbone on which we build everything else we depend upon. Sadly, not all of their specs and documents are open to researchers, or they are available only for expensive fees, which reduces the number of people who can examine them. That sort of security by obscurity will nearly always backfire in the long run, as we’ve recently seen with significant flaws in almost all of those protocols, sometimes even in their newest versions. The responsibility then fell on the manufacturer or software vendor to patch those flaws as fast as possible before we got mass exploits in the wild. In contrast, testing or design revision could have prevented them early on.
Protocols are not the only thing that requires more transparency. Data collection and the use of that data also need to be more transparent. Some aspects of that are changing for the better with laws like GDPR and other related laws. For the longest time, data was collected on people from as many sources as possible without any transparency about it. Thankfully, laws now being put in place in various countries are trying to re-balance this collection by forcing companies to be more transparent about it. Doing this also helps everyone’s overall security, especially when breaches happen. If you know what data the company had, you can more easily protect yourself from possible misuse of your information leaked in the breach.
The possibility of being forced to reveal a breach publicly, and its implications, can also act as a strong motivator for companies to take security more seriously in general. There have always been difficulties making security seem valuable compared with product or marketing, in part because nothing happens if it works. If your security is on point and as good as possible, nothing will happen: no breach, no hole, etc. That is unlike development teams, whose work visibly brings money in. With a switch to more transparency, this should also change, since there’s an actual possible cost to lousy security, either in PR or fines, so it should help everyone take it more seriously.
Remote offices and remote work are another big area where transparency is critical and is making a comeback. To work effectively, remote teams require more robust and more transparent communication in general. There are many reasons for this, but the main one is that they can’t rely on “watercooler talk” and other informal ad-hoc exchanges and can’t see each other’s availability and work, so they need to communicate those things explicitly. Remote teams need to rely more on transparent communication channels to exchange information and know what everyone is up to. Having a single source of truth is vital, as I’ve discussed before in “What unique ideas can basecamp teach us about thriving remotely”, but that’s not limited to documentation and announcements; it should also include workload and tasks. Having a single globally visible “bulletin board” where everyone can see what everyone is up to is also important for management and idea exchange. With this system, you know if someone is working on an important task with a short deadline, and that you shouldn’t give them more jobs or disturb them with questions.
There’s also transparency of availability: for things like questions and help, and for being generally available and working. Since you can’t see your teammate getting up and leaving or coming into the office in the morning, it can be hard to know when they’re available unless it’s transparent. Being clear about communication channels, time, and availability is one of the essential things in remote work to help effectiveness and allow everyone to keep a clean separation between work and home. Without that transparency, you might get communications and requests outside of your working hours, which in turn disturbs not only your plans but also that necessary separation between “home time” and “work time.” Breaking that separation too often can negatively impact your mood and your brain’s capacity to rest and recover for the next day.
Another aspect of this is management, which gets trickier and more challenging when done remotely. If you’re not transparent about how you manage people, your expectations, and your processes, there’s a big chance things will get lost. Communication without being face to face can get tricky, and many of the subtleties and cues humans rely on get lost in translation. Some of those lost cues can be replaced with clear communication beforehand: being transparent about the expectations, requirements, and needs for tasks. That way, people know what to expect from you, which prevents many misunderstandings from happening in the first place. Having a communication guide can be enough for this purpose. Letting everyone know “I expect this, this and that” and “this is how I will give feedback” can go a long way toward being more transparent when working remotely and not always being face to face.