• United States



How AOL Earns Customer Trust

Feb 01, 20053 mins
Data and Information Security

CSO: How did the role of chief trust officer evolve at AOL?

Tatiana Platt: In 1996, I was named vice president of integrity assurance. I created an organization that could respond quickly while preserving the integrity of the consumer experience. In 1998, our first official privacy policy was born. That was brought under the integrity assurance umbrella. In 1999, I took over functions related to network standards, like what kind of content would be on the welcome screen and whether we would take advertising from tobacco or alcohol companies. These issues go to the heart of the user experience. The whole “trust” idea came about in 2003. The group was reorganized into different lines of business, and we thought about what these different functions embody: It’s the trust between AOL and its consumers. Ted Leonsis, vice chairman of AOL, came up with the title of chief trust officer. We are the consumer face of security.

How have you influenced AOL’s security posture?Before the latest product incarnation [AOL 9.0 security edition], the challenge was convincing the organization that putting money into security is a good thing. AOL has taken the position that security is a necessary evil. Our consumers are telling us that security is important to them, but they want AOL to do it for them. The National Cyber Security Alliance and AOL did a joint study where they asked consumers whether they had antivirus and firewall protection, and then went to people’s computers to see if there was a difference between reality and their perception of how safe they thought they were. The difference was huge. [See “Home Users Aren’t as Safe as They Think They Are,” below.] People think they have protected themselves, but they’re not updating.

How has the changing security environment affected your work?As threats have changed, so has the work and focus of the department. We’ve needed to come up with different ways to educate the user. My group does a lot of prioritizing. If we only have one inch of text on the AOL welcome screen or 30 seconds in a TV ad, with the hope that the consumer retains some shred of themessage, what should we focus on? Our consumers are everyone from parents to children to college students to seniors, and we want to create a product that is easy for all age groups to use.

What message do you think you’ll be trying to convey to users a year from now?I’d like to say we’re moving in the direction where the big players will start offering consumers one-stop shopping; security will be built into the product. I think the answer is second-factor authentication. Online banks are starting to offer hard token authentication in addition to passwords; two to three years from now, it’s going to be pretty commonplace. It’s going to take a lot of coming together to get systems that will work across multiple sites, but when we do, the phishers will go out of business. Maybe instead of looking at an ad that says, “Got milk?” it’ll say, “Got secure ID?”