How not to fail like Ashley Madison! or a guide to hackproof application (part 1)

Ashley madison failure

Hisss!

The irony of a company so built around secrecy and gigabytes of profile informations roaming around internet is hilarious!

Even Ashley Madison’s advertisement is inferring: “We are here to keep your secret”

So how did such a scandalous failure happen? I don’t know but in this post I will try to describe a (near) hack-proof architecture with the hope that it does not happen to your application.

Whatever your company does, if there is customer data somewhere, there is a risk it could leak. Security should not be taken lightly. A data breach can crush a successful company to dust in one day! And in the cloud era, you should make sure not only your application is secure, but also a breach in cloud provider does not jeopardize your data.

On the other hand, security stays in the way of productivity. Making it hard for hackers to access your data will make it hard for your own developers and analysts to do the same. The valuable resources that need to go to building the product has to go to the security.

So, “What is the minimum we should do to make our application hack-proof?”

In these series of blogs I will address this question, and we will discuss an architecture to particularly prevent these hacks:

  1. Separating data that uniquely identifies the customer from the rest of data and securing this data separately.
  2. Encrypting data such that even the breach of data and some encryption keys does not cause a problem.
  3. Hot to make sure only authenticated services from specific hosts can access your sensitive data.
  4. In the worst case scenario that a hacker has access to your application and your main credentials, and can imitate your service to get data, how to prevent large scale data breach and catch them early?

Yet another Amazonian response to NYT article, except this one has a solution

Disclaimer: This short text is not about Amazon, it is about the whole tech industry in united states.

My grandpa used to say: If you want treasure, you need work for it! Hard.

This quote, is as true for companies as is for individuals. If a company wants to do extra-ordinary things that others deem impossible, they need to work really, really, really hard and smart. Delivering a gummy bear in the same day for free and still being profitable, having the best customer service in the planet, or slashing the price on cloud and still make profit while competitors can’t even get close to that price, are incredible achievements and require a lot of work.

And people enjoy working hard when they are solving hard problems. Any person who has hiked for a peak on a weekend knows this.

So, is there a way to work mediocre and still get great results? I don’t think so.

BUT, there remains the problem of empathy. Putting a cancer survival on ‘performance improvement plan’ is (… fill up the blank), even as an isolated case.

Myth:
We don’t know how to formalize empathy? When it comes to soft values, we can only hope our managers will do the right thing.

Busted:
Hoping that managers who are already under pressure to deliver will do the right thing in the most complex human situation is not the right approach.

Solution is simple:
Have the policy to let employees with hardship (families with new-born child, people struggling with disease, or other issues) have long paid time offs, and give them the chance to get their acts together and help them come back to a team that is fit for their new reality.

But is this going to make the company bankrupt?
No, it is only going to improve the brand, retain talent, and improve employee moral, if “I know company is there for me in hard times, I would be there for the company in hard times too.”

This is not a new concept. There is even successful, insanely profitable business model around empathy (can you guess, yes it is insurance). A large company can easily afford to guarantee empathy in workplace, and even make profit from it.

Will this ever happen:
Yes, many companies already do such practices. Amazon’s Career Choice Program is a good example of how empathy can become a policy. As the demand for a healthier workplace grows among high skilled workers, companies will adopt better practices.

Billion dollar idea:
I can see (and hope) that there would be a billion dollar venture in future that empowers every small and large company to give their new moms long vacations. They can makes money from charging a monthly premium (from employer or as salary sacrifice) like insurance companies.