A lot happens before ideas become solutions.
At ElixWare we want to bring you more than just great, affordable software. We want to let you know how and why we do what we do.
Our Ruminations blog will bring you insights into how we got here and some of the things we consider when trying to help you run your business. We hope it gives you a better understanding of how we strive to better serve your needs.
Good system planning and design is essential. And that planning should always include data and operational security from the very beginning. If how a system will be used, and misused, is not part of the initial design, the odds are already tipped against it.
"We'll figure it out before we roll it out" is never a good practice. It is a close cousin of "good enough is good enough". Both run into the same time pressure as a system nears completion: the items deferred to "we'll figure it out" only grow more urgent, while the bar for "good enough" only drops. As deadlines approach, corners get cut and compromises get made.
Now reread the paragraphs above with your own project as the "system". Would you, or could you, afford to treat security that way?
Enter India's Aadhaar national ID system. It holds the personal and biometric information of over 1.1 billion Indian citizens. The secret ingredient in Aadhaar? Trust. And that trust has been shared with 100,000 "enrollment administrators" spread across the country.
A system this size, and this important, is a staggering undertaking. The financial costs are extremely high, as are the political costs of failure. And let us not forget the many costs of poorly designed security.
It is unimaginable that 100,000 people can keep a secret, because they can't. With that many enrollment administrators it is easy to predict that not every one of them will even intend to.
How else could it have been implemented? I haven't had the privilege to review Aadhaar's requirements. But I would have started by limiting each enrollment administrator's access to only the citizens that administrator entered. And I would not allow them to add more enrollment administrators.
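To make the two design choices above concrete, here is an added illustration (not code from ElixWare, and not Aadhaar's actual system) of a toy enrollment registry with two authorization policies side by side: the "convenient" one, where any enroller can read any record and mint new enrollers, and a least-privilege one, where an enroller can only touch the records they created and only a separate admin role can grant enrollment rights. The operator names, record IDs and role names are assumptions made for the example. It also covers one edge case the text does not mention: re-enrolling an existing ID must be refused, or an operator could take ownership of someone else's record by overwriting it.

```python
"""Scoped enrollment access versus unrestricted operator access.

Added example, not ElixWare's or Aadhaar's code. Users, roles and
records below are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class Record:
    citizen_id: str
    name: str
    created_by: str          # the operator who enrolled this person


@dataclass
class Registry:
    records: dict = field(default_factory=dict)   # citizen_id -> Record
    roles: dict = field(default_factory=dict)     # user -> role
    audit: list = field(default_factory=list)     # (actor, action, target, allowed)


def open_policy(reg, actor, action, target=None):
    """The 'convenient' model: every enroller sees every record and may
    make anyone else an enroller. Only non-users are refused."""
    return reg.roles.get(actor) in ("enroller", "admin")


def least_privilege_policy(reg, actor, action, target=None):
    """Enrollers create records and touch only the ones they created.
    Only admins grant the enroller role. Nothing grants admin. Unknown
    actions are denied by default."""
    role = reg.roles.get(actor)
    if role is None:
        return False
    if action == "enroll":
        # Refuse re-enrolling an existing ID: otherwise an enroller could
        # overwrite a colleague's record and become its owner.
        return role in ("enroller", "admin") and target not in reg.records
    if action in ("read", "update"):
        rec = reg.records.get(target)
        if rec is None:
            return False
        return role == "admin" or rec.created_by == actor
    if action == "grant_enroller":
        return role == "admin"
    return False


def perform(reg, policy, actor, action, target=None, **kw):
    """Authorize, audit, then act. Denials are logged, not silent."""
    allowed = policy(reg, actor, action, target)
    reg.audit.append((actor, action, target, allowed))
    if not allowed:
        raise PermissionError(f"{actor}: {action} {target!r} denied")
    if action == "enroll":
        reg.records[target] = Record(target, kw["name"], actor)
    elif action == "read":
        return reg.records[target]
    elif action == "update":
        reg.records[target].name = kw["name"]
    elif action == "grant_enroller":
        reg.roles[target] = "enroller"
    return True


def attempt(reg, policy, actor, action, target=None, **kw):
    """Run an action and report whether it was allowed instead of raising."""
    try:
        perform(reg, policy, actor, action, target, **kw)
        return True
    except PermissionError:
        return False


def build_registry():
    """Constructed sample state: one admin, two enrollers, one record each."""
    reg = Registry()
    reg.roles.update({"admin1": "admin", "op_a": "enroller", "op_b": "enroller"})
    perform(reg, least_privilege_policy, "op_a", "enroll", "C-001", name="Asha")
    perform(reg, least_privilege_policy, "op_b", "enroll", "C-002", name="Ravi")
    return reg


def blast_radius(policy):
    """What a single compromised enroller account ('op_b') can reach."""
    reg = build_registry()
    readable = [cid for cid in list(reg.records)
                if attempt(reg, policy, "op_b", "read", cid)]
    minted = attempt(reg, policy, "op_b", "grant_enroller", "mule")
    return {
        "readable": len(readable),
        "total": len(reg.records),
        "can_mint_enroller": minted,
        "denials": sum(1 for *_, ok in reg.audit if not ok),
    }


if __name__ == "__main__":
    print("open policy:           ", blast_radius(open_policy))
    print("least-privilege policy:", blast_radius(least_privilege_policy))
```

Under the open policy a single stolen enroller credential reads every record and can create an unlimited number of further enrollers, which is exactly the "100,000 people keeping a secret" problem. Under the least-privilege policy the same credential reaches only the records that operator created, cannot escalate anyone, and every refused attempt lands in the audit log where a reviewer can see it.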
I don't know who thought sharing enrollment administrator access to Aadhaar with 100,000 people was a good idea. Or why they felt that giving these 100,000 individuals the ability to add anyone else as an enrollment administrator was necessary. But I can tell you why they did it: convenience.
This is not the first time I've said this, and it won't be the last: one cost of security is convenience. When you trade security for convenience you are not going to enjoy either. Letting 100,000 individuals enroll India's citizens into this system is convenient. Cleaning up this type of security exposure is not. And if human nature gets involved in the cleanup process, I'd bet good money that other corners will be cut. For the sake of convenience.
Sometimes the people who plan and design the systems are the weakest link. And that's not a secret.