Industrial vs. consumer security

As cipher and encryption algorithms have developed over the years, the gap between corporate and consumer security has grown increasingly wider. Rather than attributing this deficit to the huge IT budgets allotted by many companies, the gap more closely correlates to the amount of exposure an entity has to external authentication systems. Business users normally require only a small number of authenticated sessions, as modern business networks rely on protocols such as LDAP or Active Directory to link user profiles, email accounts, file permissions, etc. to a single login. Consumer, on the other hand, need separate logins for each email service, blog, forum, or other messaging or subscription service they use. Because no reliable standard for such cross-site authentication exists, the consumer has no way of knowing what degree of security, if any, is in place to protect their personal information. Many sites still store users’ passwords in plaintext, which is an enormous security flaw in and of itself, as the consumer uses the same or a similar password on multiple sites. (This is especially a problem when one of those sites is the service provider of the email account linked to the login.) Until standards such as OpenID are improved and widely implemented, the biggest security risk remains the same services that made modern connectivity so appealing in the first place.