Friday, December 29, 2006

Lessons from Analog Security

As a security person I try to take notice of security measures in non-digital settings. These are a few I noticed this week.

  • When visiting a jewelry store, I saw a sign say the following: "Our insurance policy does not permit us to remove more than one item at a time from this display case." This sign was attached to a case containing the store's most valuable jewelry. This is an example of limiting exposure by restricting access to one asset at a time. In a more generic sense, the digital version might involve following guidelines applied by an insurance company. Perhaps they would require WPA2 for wireless networks, etc.

  • I received a check from a client. Underneath the signature line I read "Two signatures required for amounts over $75,000." This is an example of dual accountability. It requires someone writing fraudulent checks to have an accomplice. The digital version involves requiring two privileged users acting together to accomplish a particularly sensitive task.

  • At many stores I saw video cameras directly above the cash register. While these might be useful for recording thieves, it is probably in place to deter employees from stealing. The digital version is comprehensive host- and network-centric monitoring.

I think one of the fundamental problems of digital security is the inability to translate historically sound analog security practices into digital forms. Traditional computer scientists are not security experts. Traditional security experts are usually not computer scientists. Addressing this gap would be beneficial to both communities.

Can you think of other examples of security measures in the analog world that could be applied to the digital world?


John Ward said...

Issues like this can typically be addressed during the design phase. While software development lifecycles are typically things held in the classroom and not on the floor, this is something that should be discussed during the design phase. Problem is, the design phase never includes an open discussion with security engineers. This is where that gap would be addressed. When designing things like sequence diagram, a development team, including security engineers, would address and notate that secure methods are required at points A, C, and F.

it would be nice if that gap could be addressed, of course the bigger problem is that software developers usually skip the design phase and go at it with the "Shoot first, shoot again, and try asking a question or two when finished shooting". Computer scientists needs to address the gaps in their own community before trying to bridge any gaps with others...

Anonymous said...
This comment has been removed by a blog administrator.