When organizations talk about securing their environment, the word perimeter comes up often. In the classic sense of the term, it’s intended to mean the first line of defense. Every good, secure organization has multiple layers of defense to protect itself from intrusions from all sides. Classically, the perimeter refers to a technical piece of the organization, as in the network. For organizations that have a web presence, or mobile apps, the perimeter often involves external sources such as client applications and browser front ends. A proactive and secure organization is constantly monitoring and testing its perimeter from a technical perspective, including intrusion detection and the hardening of its entry points into the network.
The Weakest Link
A part of the perimeter conversation that often gets missed is not in fact a technical issue, but a people issue. An organization’s employees are part of the perimeter. Whether it’s a call center, a support line, an email system, or even the receptionist, these are all areas that need to be considered part of an organization’s secure perimeter. The weakest link in an organization can oftentimes be a well-meaning individual who unwittingly allows access to information that is private, or otherwise not intended for public use. The machines, when configured properly, can run in an automated fashion and can protect the system. The humans, on the other hand, are inherently more complex. A strong and secure customer experience organization needs to maintain focus on the critical, and oftentimes small, issues: user credentials, password reset procedures, general customer information, etc.
Integrated Security Model
These are just a few examples of sensitive information that an operational team, whether implementations or otherwise, has access to and needs to protect. An integrated security model that takes into account these less technical portions of the organization is essential. But as it turns out, the same general practices used on the technical side, constant scanning and general vigilance, can go a long way.
Whether it’s procedures that encourage checks and balances, systems that are put in place to securely protect information, or cross-functional team support to encourage double-checking of sensitive information and configuration options, these are just some of the ways a strong and secure software organization with a customer-facing element can help protect the perimeter, which, as we’ve seen throughout the industry, is in fact the most sensitive part of any organization.