Never Having to Say You Are Sorry is True IT Security

The latest company that has had to do a public mea culpa regarding security is the social media darling Snapchat. Not that it was something they readily jumped on, considering the ‘apology’ came yesterday, more than a full week removed from the New Year’s incident that exposed the usernames and phone numbers of about 4.6 million of the 8 million users.

CNET reports:

Love is supposed to mean never having to say you’re sorry. But Snapchat has expressed both love and apologies for a bug that caused headaches for the millions of users whose names and phone numbers were exposed unexpectedly.

In a blog post on Thursday, Snapchat said it was “sorry for any problems this issue may have caused.” The team also revealed a couple of changes to its Find Friends feature to better protect the phone numbers of Snapchat users.

The exact wording of the admission, from the blog post referred to above, goes like this:

Find Friends Improvements

This morning we released a Snapchat update for Android and iOS that improves Find Friends functionality and allows Snapchatters to opt-out of linking their phone number with their username. This option is available in Settings > Mobile #.

This update also requires new Snapchatters to verify their phone number before using the Find Friends service.

Our team continues to make improvements to the Snapchat service to prevent future attempts to abuse our API. We are sorry for any problems this issue may have caused you and we really appreciate your patience and support.

Love,

Team Snapchat

It comes off as a little disingenuous, but it depends on your point of view. For a company in the online space (which is just about everyone to some degree or another), how much of an admission or apology should be offered for security breaches? Is it strictly dependent upon the sensitivity of the data compromised? Is it done only if there is enough of an uproar?

In the end, security from the IT perspective is becoming more of a company reputation issue than ever before. Are you, as an IT professional, considering the damage to your company’s reputation when you are crafting IT solutions? What if you cut a corner that might result in a cost savings in the short term but could create a problem that costs recurring revenue when users turn away due to a security breach?

IT is not so much about speeds and feeds these days. It’s about business.