When Security is Hidden in Plain Sight
Escaping the Complexity Trap
Securing your database is like securing an apartment.
If you choose something that is too complex to set up, configure, and maintain, it might be like applying 15 padlocks to your front door. Going in and out of your home will be a chore and a half. Eventually you will start to go in through the window, rendering the entire purpose of the locks pointless.
There has been a spate of database hacks over the past years, all due to the same culprit: complexity where things should be simple, neglect where there should be diligence, and manual requirements of the user where there should be automation.
As a result, scores of company brands have had to pay for a hit to their reputation due to poor decisions by their third-party databases.
To protect your most valuable asset, your information, there are some things you need to look out for.
The Trap is Set
Requiring new users of a security system to pore over too much documentation can be dangerous, especially for developers looking for a security solution to do most of the work for them. When setup and configuration become too much of a chore, the temptation becomes huge to just get started without putting up security.
Most projects begin on a single developer machine safely inside a company VPN. Itching to get started, a team might decide to start coding now, while everything is safe on the one machine, and install protection at a later date.
It can take weeks or months of programming, testing, and debugging before the project is ready for production. A security system can be installed, but its defaults are set to disabled, with the expectation that everything will be turned on prior to that great last pull to production.
There is the possibility that this step is forgotten.
If the last guy forgets to press that big red security button before the other guy hits that big green release button, you can have an application delivered to the public internet with no security enabled at all.
Hackers, looking for these very oversights, will attack these systems and harvest their data.
Hurdling the Obstacle
This is the classic case of too much leading to absolutely nothing.
The right scenario is where less is more: Less work required by the developers enables more security for your systems.
An easy-to-use security system for your database can get everything ready at the first step. Simple documentation and an easy-to-set-up wizard can make the process simple, taking away the allure of a shortcut to start coding.
Database systems like RavenDB will not let you release your project to the wild until you have fully addressed security. An alert will prevent you from moving forward until you confirm that your security is enabled, the database security is enabled, or the security of your general systems is adequate for release.
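The fail-closed startup check described above, written out as an added example (this is illustrative code, not RavenDB's implementation; the configuration keys server_url, auth_enabled and unsecured_access_allowed are invented for the example). The idea is that a server bound to a non-loopback address with authentication disabled refuses to start unless an operator has explicitly acknowledged the unsecured mode, so the "forgot to press the red button" scenario fails loudly instead of shipping an open database:

```python
"""Fail-closed startup check for a database server.

Added example, not RavenDB's code. All configuration keys and sample
configs below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class StartupDecision:
    allowed: bool
    reason: str


def is_loopback(host: str) -> bool:
    """True for localhost / 127.0.0.0/8 / ::1, i.e. reachable only from this machine."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # A DNS name other than localhost: assume it is reachable from elsewhere.
        return False


def check_startup_config(config: dict) -> StartupDecision:
    """Decide whether the server may start with this configuration.

    Order of checks matters: loopback binding is always fine (developer box),
    authenticated + TLS is the production path, and anything reachable from
    other hosts without authentication is refused unless explicitly allowed.
    """
    url = config.get("server_url", "http://127.0.0.1:8080")
    parsed = urlparse(url)
    host = parsed.hostname or ""
    auth_enabled = bool(config.get("auth_enabled", False))
    unsecured_ok = bool(config.get("unsecured_access_allowed", False))

    if is_loopback(host):
        return StartupDecision(True, f"bound to loopback {host}; local-only access")
    if auth_enabled and parsed.scheme == "https":
        return StartupDecision(True, f"authentication and TLS enabled on {host}")
    if auth_enabled:
        return StartupDecision(
            False,
            f"refusing to start: {url} uses authentication but not https, "
            "so credentials would cross the network in clear text",
        )
    if unsecured_ok:
        # Operator consciously opted in; still worth shouting about in the logs.
        return StartupDecision(
            True, f"UNSECURED: operator explicitly allowed unauthenticated access on {host}"
        )
    return StartupDecision(
        False,
        f"refusing to start: {url} is reachable from other hosts and authentication "
        "is disabled; enable authentication or set unsecured_access_allowed=true",
    )


# Constructed sample configurations covering the scenarios in the text.
DEV_BOX = {"server_url": "http://127.0.0.1:8080"}
FORGOTTEN_BUTTON = {"server_url": "http://0.0.0.0:8080", "auth_enabled": False}
EXPLICIT_OPT_IN = {
    "server_url": "http://0.0.0.0:8080",
    "auth_enabled": False,
    "unsecured_access_allowed": True,
}
PRODUCTION = {"server_url": "https://db.example.internal:443", "auth_enabled": True}
AUTH_WITHOUT_TLS = {"server_url": "http://db.example.internal:8080", "auth_enabled": True}


if __name__ == "__main__":
    for name, cfg in [
        ("dev box", DEV_BOX),
        ("forgotten button", FORGOTTEN_BUTTON),
        ("explicit opt-in", EXPLICIT_OPT_IN),
        ("production", PRODUCTION),
        ("auth without TLS", AUTH_WITHOUT_TLS),
    ]:
        decision = check_startup_config(cfg)
        print(f"{name:18} -> {'START' if decision.allowed else 'BLOCK'}: {decision.reason}")
```

The important design choice is that the dangerous state (public bind, no authentication) is the one that requires an explicit, greppable setting to reach; the default path with nothing configured only ever works on loopback, which is exactly the single-developer-machine case the text describes.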
It’s the right combination of automation and alerts that makes security complex for intruders, but easy for you.
The worst thing that can happen is when you do everything right, and you still lose because of mistakes you had nothing to do with! A database shouldn’t compromise your most sensitive assets because diligence wasn’t properly applied.
That’s why security must be both convenient and comprehensive.