January 27, 2014
Think in 3 P’s and criticality
People, processes and parts are the 3 Ps that are often subject to scrutiny and hardening. Anything heavily relied upon to handle data, such as people, methods, software, hardware and equipment, poses a potential business risk to data service providers (DSPs) and their customers.
In some industries and in certain processes, such risks aren’t substantial enough to warrant backup systems and redundancies. A good way to gauge reliance is to actually run critical business processes in acquisition, provisioning, billing and payments, and support with some of those 3 Ps omitted, rather than just performing the mental exercise on paper. Although this is a very general test-by-breaking method, it is hugely important when it comes to testing security measures across the 3 Ps. It’s a structured method of building informed trust.
Breaking in and out
The battles against hackers, competing organizations and data leaks are ones almost all data service providers fight. These are the basic ingredients that DSPs use in combination to maintain an edge:
- well-written and tested code
- audits by external teams
- whitehat infiltration and exfiltration attempts
- background checks on staff
- logging network and computer activity to trace document and network traffic
- secured physical infrastructure
- thorough documentation
- tested business continuity plans, especially ones that test the failure of the 3 Ps
- single-point-of-failure analysis of the 3 Ps
- proper data handling policies
Often it isn’t the encryption or code that’s broken by brute force; rather, weaknesses in one of the basic ingredients above are exploited. Most technology firms genuinely make all commercially reasonable efforts to safeguard user data. But the intent can be lost in translation, especially in very complex companies with many products, and these weak links can compromise the entire proverbial fortress.