Security vs Freedom
posted by Anna Mar, April 17, 2011

This is an IT topic that has some obvious parallels with real life: Security vs Freedom.
Security vs Freedom is a fundamental architectural trade-off. It goes like this — when you increase security you tend to restrict freedom and vice-versa.
Alternatives
The Security vs Freedom trade-off is restated many ways:
- Data Security vs. Data Access
- Trust vs. Risk
- Security vs. Productivity
- Security vs. Innovation
- etc ...
Security restricts freedom
A few examples of how security restricts freedom:
- a security policy restricts a knowledge worker's access to organizational information
- a business team that has no permissions to experiment with new applications
- password rules that force users to choose complex passwords
- control processes that require approvals to see documentation
Freedoms expose the business to security risk
A few examples of how freedoms introduce security risks:
- angry employees that have access to sensitive business information
- employees with permissions to install new applications accidentally install malware on a business device
- a developer who has access to production changes code directly on a live system
Have your cake and eat it too?
It is sometimes possible to architect highly secure systems that do not restrict freedoms, but they are usually expensive.

Secure + Open (freedom) = Expensive
Example: SOA security is expensive because SOA services are open by principle (reusable, discoverable, published service contract etc...).