The Beginner’s Guide to Security Review for Platform Setup

Proper security setup and configuration is extremely important. If you pick the wrong tools, wrong configuration or wrong integration, you could be setting yourself up for failure.

One of my favorite sayings as a football coach is, “The game is talking to you. Are you listening?” With football, the way the opponent lines up will give you specific cues about what they intend to do. Your platform is talking to you in the same way. It’s calling out for integrations over here, simplifications over there or consolidations in the server room (if you still have one).

When listening to your platform, there are consistent areas to examine to define your key priorities and direction, as well as ensure you have a strong platform that’s manageable and scalable.

Intersection of 3 Key Entities
First, we need to ask questions about the intersection of:

  1. Users
  2. Data
  3. Systems

Then you can define the applications needed to help your organization work efficiently and effectively. 

1. Users
Users must be segmented at many different levels for each interaction. There are internal users vs. external users and many different roles, groups and profiles within those two segments. There are two basic terms to keep separate when defining how these users will access the data and systems:

  • Authentication: The process of determining whether someone or something is, in fact, who or what it is declared to be.
  • Authorization: The process of determining which permissions a person or system is supposed to have.

Talking about authentication could lead you into conversations about Active Directory, single sign-on (SSO) or user provisioning. Talking about authorization could lead you into questions about which network drive a given user can access or what table in a database a user can read. Keeping those two terms separate can help clarify the tools necessary to succeed in each area.
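As an added illustration (not code from the original article), the sketch below keeps the two questions separate: a constructed directory of internal and external users, authentication by password check, and a deny-by-default authorization policy over database tables. The usernames, passwords, roles and table names are all constructed for the example.

```python
import hashlib
import hmac

# Constructed sample salt and password-hash helper (PBKDF2-HMAC-SHA256).
# A real directory would store a unique salt per user.
_SALT = b"constructed-example-salt"


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


# Constructed user directory: one internal user, one external user.
USERS = {
    "alice": {"segment": "internal", "role": "analyst", "pw": _hash("alice-pw")},
    "bob":   {"segment": "external", "role": "vendor",  "pw": _hash("bob-pw")},
}

# Authorization policy: which database tables each role may read.
# Roles (or tables) not listed here are denied by default.
TABLE_READ_POLICY = {
    "analyst": {"orders", "customers"},
    "vendor": {"orders"},
}


def authenticate(username: str, password: str) -> bool:
    """Is the caller who they claim to be? Says nothing about what they may do."""
    user = USERS.get(username)
    candidate = _hash(password)
    if user is None:
        # Compare against a dummy value so timing does not reveal valid usernames.
        hmac.compare_digest(candidate, bytes(len(candidate)))
        return False
    return hmac.compare_digest(candidate, user["pw"])


def authorize_table_read(username: str, table: str) -> bool:
    """May this user read the table? A separate question from authentication."""
    user = USERS.get(username)
    if user is None:
        return False
    return table in TABLE_READ_POLICY.get(user["role"], set())


def read_table(username: str, password: str, table: str) -> str:
    """Authenticate first, then authorize; a valid login alone grants nothing."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize_table_read(username, table):
        return "denied: not authorized"
    return f"ok: {username} read {table}"
```

The external user bob authenticates successfully but is still refused the `customers` table, which is exactly the distinction the two terms are meant to preserve.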

2. Data
Data is the lifeblood of an organization. It defines what’s been done and what still needs to be done. Users do not access the data until they have been authenticated and authorized. But once they can access that data, we need to help them be very efficient with processing it. When we talk about data, there are again two important terms to discuss:

  • Master Data Management (MDM) – A technology-enabled discipline in which business and IT work together to ensure the uniformity, accuracy, stewardship, consistency and accountability of the enterprise’s shared master data assets (Gartner IT Glossary).
  • Data Deduplication (aka de-dupe) – The process of eliminating duplicate or redundant information. While this can be considered part of MDM, the tools and processes involved can also operate at the application or database level.

Asking which system is the “source of truth” for a given piece of data will help us define the process for keeping that data clean and in sync with all necessary systems. MDM and de-dupe do not mean that one piece of data like ‘First Name’ belongs in only one database. But talking about these concepts allows us to:

  • Build applications faster with less cost
  • Gain better reporting on the back-end
  • Better manage and consolidate data

Many applications need to access the same data, but one of the keys is designing them so that integration costs to get to that source data are minimized.

3. Systems
Systems are essentially the hardware and software used to run the business. Back to the principles of coaching football, it’s better to run five plays well than run 15 plays poorly. The quicker we can figure out the tools that define your system, the quicker we can build and train teams to implement and extend those systems. That isn’t to say that we can’t add new tools to the toolbox over time, but the decision must be made in light of how our users and data are affected. 

To sum it all up? Defining your system design and architecture meetings around users, data and systems will help drive the right questions. And then you can find the right answers to drive priorities today and tomorrow. These priorities will be the enhancements to your applications and infrastructure that support your entire enterprise.
