Security's Everyman

Monday, June 02, 2008

The best laid plans.......

Growth can hit you square in the mouth if you are not careful. Growth can even kill you if you aren't prepared for it. Growth is good but, like most things, it needs to happen in a controlled manner. Not an easy thing to do when you are talking about your business and the success of a plan or product that takes you by surprise, even beyond your wildest dreams. Yet without a plan to address growth, even unexpected growth, it can damage your business beyond repair.

In the last few months I've seen several incidents of growth that happened unexpectedly and quicker than expected. In many of these instances the companies have been sent reeling as their technology has not been able to keep up with the demand that is being put on it. Twitter is a perfect example. It's been around for a couple of years but as of late it has seen significant growth. Growth that it isn't prepared for. Growth that has all but taken it offline for much of the last week. Growth that may send users running to other similar services. Already within the security community there is a push to use FriendFeed as well as Twitter. Maybe even to replace Twitter.

I have a friend who works for a company that worked for years to build a business and they did build it. It was small but growing. A few months back growth hit them suddenly and their databases had a hard time handling the new load put on them. They have had a couple of outages but more importantly they have had several features of their application quit working properly. They had not planned (nor tested a plan) to handle growth to this degree. In the past as they experienced growing pains they just dealt with them as they arose. Now they are faced with a potential crisis because they can't continue to operate this way. They have to fix the problems and put into place a practical plan that will address them and prepare so that they don't happen in the future.

With gas prices pushing $4 a gallon here in the US, transit agencies are seeing big increases in riders. Many of them are experiencing growth-related problems with regard to database usage, storage space, and scheduling routes for buses and trains. Increased routes mean that there are more trains and buses on the road and rails that have to be tracked to ensure that they are where they need to be WHEN they need to be. Especially when dealing with trains, being too early can cause real problems. Also you have to know when to stop, slow down, go and speed up. Technology is what allows the train operators to know when these things need to happen. Last week Boston and Chicago (I think) both experienced passenger rail accidents. Were they due to growth issues? I don't know for sure but it's highly likely that growth did play a part in them.

How does this relate to Information Security? It has the potential to fall under the A in the CIA triad. These issues affect the availability of services and systems, and although these types of availability issues are not usually security issues, they can lead to security issues. If your database is under undue stress and heavy load then it makes it more likely that someone with malicious intent can sneak in and do something that they are not usually allowed to do. While under heavy load trying to process data it may allow a window where an attacker can bypass a security measure. If your service is offline or only sporadically available it could allow for someone to impersonate you and lure your users to their site where all sorts of bad things could happen. Not to mention that when you are focused on an issue that affects your users, security often gets overlooked or ignored. You are concerned with getting back up and running even if it means that you do something insecure.

I'm one of those who believe that information security touches EVERY part of the enterprise and needs to be included in all aspects of planning. This is just another example of how not only good business planning but also good security planning can save you lots of headaches.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.