Tatiana Platt, chief trust officer and senior vice president of America Online, carries the reputation of the AOL brand on her shoulders. Security has become a core component of ensuring the integrity of that brand. CSO spoke to Platt recently about her title, online security and the challenges of communicating security to children, retirees and everyone in between.
How did the role of chief trust officer evolve at AOL?
How have you influenced AOL's security posture?
Before the latest product incarnation (AOL 9.0 security edition), the challenge was convincing the organization that putting money into security is a good thing. AOL has taken the position that security is a necessary evil. Our consumers are telling us that security is important to them, but they want AOL to do it for them. The National Cyber Security Alliance and AOL did a joint study where they asked consumers whether they had antivirus and firewall protection, and then went to people's computers to see if there was a difference between reality and their perception of how safe they thought they were. The difference was huge. People think they have protected themselves, but they're not updating.
How has the changing security environment affected your work?
As threats have changed, so has the work and focus of the department. We've needed to come up with different ways to educate the user. My group does a lot of prioritizing. If we only have one inch of text on the AOL welcome screen or 30 seconds in a TV ad, with the hope that the consumer retains some shred of themessage, what should we focus on? Our consumers are everyone from parents to children to college students to seniors, and we want to create a product that is easy for all age groups to use.
What message do you think you'll be trying to convey to users a year from now?
I'd like to say we're moving in the direction where the big players will start offering consumers one-stop shopping; security will be built into the product. I think the answer is second-factor authentication. Online banks are starting to offer hard token authentication in addition to passwords; two to three years from now, it's going to be pretty commonplace. It's going to take a lot of coming together to get systems that will work across multiple sites, but when we do, the phishers will go out of business. Maybe instead of looking at an ad that says, "Got milk?" it'll say, "Got secure ID?"