When designing systems today, everyone is aware that security is an essential feature, even in systems that you don’t think are critical.
The recent Equifax breach brought home to me one of the most important factors of designing secure systems (software or not): delivering systems with secure defaults.
In today’s threat-rich environment, the secure configuration of a software system like a router, iPhone, or even a refrigerator may be beyond the skills of the typical end user. Most people are just now becoming aware that these things might be risky but don’t have the knowledge or ability to even assess all of the security risk they pose.
Thus, it is incumbent on systems designers to turn the traditional dynamic of “ease of use over security” on its head and utilize the principals of Secure by Design to deliver systems that are Secure By Default.
In the process of helping relatives understand what they needed to do in response to the Equifax breach, it repeatedly struck me that the credit system was designed with ease of use for the creditors in mind and not security of the people whose data they sell.
The simple fact that millions of Americans need to take individual action to freeze their credit is the perfect example of a system that is not secure by default. Now, the credit system clearly has lots of security tools and protocols in place, and I don’t doubt that the three credit agencies take security seriously, but the system itself is designed such that everyone’s credit report is available by default.
In fact, that is a major aspect of the business model the credit agencies engage in. And in the past, it was generally accepted that this was okay. But think about all of the extra work created for all three companies as they deal with what should be every single U.S. citizen requesting that their credit reports be frozen. Now think about how much better off both they and us would be if the system was secured by default.
To me, it is also interesting that they have already figured out how to make money from us by charging to lock and unlock our data. Well, we think it’s our data, but that is a topic for a discussion of Privacy by Design.
The only thing that would be different in the system with credit frozen by default is that it would inconvenience each person a little to un-freeze credit reporting in order to purchase things like houses and cars or to get credit cards. But I believe that the system could work without exposing much of the data, either, so they wouldn’t lose business of credit card companies sending me mail to shred. (Err…I mean credit card offers.)
The credit system is one that is open by default in order to facilitate the fast flow of loaning money.
It is possible to secure your data in the system, but an end user who isn’t even the intended customer has to take action to become safe. This is just wrong in my opinion.
As a software developer, I think that we need to do more to insure that when we create a system, it requires INFORMED decisions from the end user to move AWAY from a secure state instead of TO it.
Of course, we need to continue informing and educating the end users about the security risk in the systems we produce, but Secure by Default is an essential approach to systems development in this day and age.