Friday | 10 July, 2009
CSO
Better than locks: A security approach to 'free'
Keeping security relevant in the free-content era
Geoff Leeming (Computerworld) 02/06/2008 08:07:57

Accessibility. Maybe Acme Digital Warehouse can sell me on the idea that they'll organize all my data, my music, my photos, my digital identity for me, but first they're going to have to sell me on the idea that they're going to look after it properly -- again, we're back to trust. Facebook learned this recently after a customer backlash regarding their use of subscribers' shopping data, and to give them credit they seemed to learn quickly and sort out the problem equally fast. They're also learning that access control needs to be increasingly finer-grained as they give more access. I actually have more detailed control over access to my Facebook profile than I ever had over access to confidential data in the last few companies I worked for, and more and more Facebook users are making use of these features.

Findability. When there are millions of options, being able to find the right one for you is valuable. This is why one of the most valuable tech companies in the world is Google, a company originally founded to help you find things. This is nothing new: sales, marketing and advertising teams have always known that unless people know your product exists, no one can possibly buy it.

But if a fundamental principle of marketing is Findability, a fundamental principle of security is Confidentiality. There couldn't be two more diametrically opposed principles, and in security we have a whole array of tools designed to hide, to conceal, to protect, to guard against people ever finding out what we know. These are exactly the "skills of hoarding and scarcity" that Kelly labels as obsolete.

So is Confidentiality obsolete? No, though maybe we need to ease up a bit. There are still and always will be secrets in commerce -- a company's financials just before results day, personal data covered by a person's reasonable expectation of privacy, the recipe for the secret sauce -- but far fewer than we might think. I remember vividly a meeting I once attended as part of a data classification scheme implementation: labelling types of data as 'public', 'confidential', 'secret' and so on so that it can be protected appropriately. The longer the meeting went on, the more got labelled as secret, until eventually it seemed that everything in the company was secret and perhaps you'd need special clearance to find your way to the coffee machine.

The truth is that most 'secrets' aren't, and needn't be. The acid test for 'secret' should be "who wants it, what can they do with it, and will that hurt me?". The company's financials before results day clearly are secret -- every investor wants it, every investor can profit from it, and you'd better believe that when your regulators find out you let that information go, it's going to hurt you. Similar arguments can be made for personal data, but for so many other 'secrets' you can't find an answer to one of those three questions. Someone wants your data, and it won't hurt you? Fine, give it to them! Give it willingly, give it enthusiastically, then go back and see what they've done with it and half the time you'll either make a new customer or find a new, interesting thing you can do with your data. Either way, both sides win.

For the majority of these generatives, we already have the skills to do what needs to be done. What we need to do is change the way we think about security. We need to remember that the good guys pay our wages; we need to remember that trust underpins every deal, and we are the brokers of trust; and when it comes to confidentiality and authentication, sometimes a little of a good thing is quite enough.
