Netflix’s Open Source Cybersecurity Tool Hopes To Empower Employees

Netflix says it wants to treat workers like people and educate them rather than restrict them on cybersecurity issues

Netflix has released an open source security application for businesses that want to focus on the human side of cybersecurity to limit data breaches.

Stethoscope, available via GitHub, is a web app that collects information from an employee’s devices and presents information and recommendations in simple language. Netflix says the idea is to treat people as humans and educate them about threats rather than restrict them with policies.

Netflix itself is subject to phishing scams that attempt to trick users into handing over their passwords for the video streaming site.

Read more: What happened when Silicon chilled with Netflix’s tech team

Netflix Security 2

Netflix security

“We believe they can get their devices into a more secure state without heavy-handed policy enforcement,” said the company.

Stethoscope can make recommendations for encryption, firewall, software updates and screen lock that can be presented in the form of notifications.

Various data sources are compiled into the application, which merges that data for display. Recommendations are ranked in terms of importance and the design is responsive so it works on mobile devices.

“It’s important to us that people understand what simple steps they can take to improve the security state of their devices, because personal devices–which we don’t control–may very well be the first target of attack for phishing, malware, and other exploits. If they fall for a phishing attack on their personal laptop, that may be the first step in an attack on our systems here at Netflix.

“We also want people to be comfortable making these changes themselves, on their own time, without having to go to the help desk.”

Last year Netflix completed an eight year migration to the cloud and is now running entirely on Amazon Web Services (AWS). It sees cloud and open source as essential pillars of its IT operation and its decision to move off premise was sparked by a database corruption in 2008. It shut down its last data centre in 2016.

Quiz: What do you know about cybersecurity in 2017?