Security vs Freedom
posted by Anna Mar, April 17, 2011This IT topic that has some obvious parallels with real life: Security vs Freedom.
Security vs Freedom is a fundamental architectural trade-off. It goes like this — when you increase security you tend to restrict freedom and vice-versa.
Alternatives
The Security vs Freedom trade-off is restated many ways:Data Security vs. Data Access
Trust vs. Risk
Security vs. Productivity
Security vs. Innovation
etc ...
Security restricts freedom
A few examples of how security restricts freedom:- a security policy restricts a knowledge worker's access to organizational information
- a business team that has no permissions to experiment with new applications
- password rules that force users to choose complex passwords
- control processes that require approvals to see documentation
Freedoms expose the business to security risk
A few examples of how freedoms introduce security risks:- angry employees that have access to sensitive business information
- employees with permissions to install new applications accidentally install malware on a business device
- a developer who has access to production changes code directly on a live system
Have your cake and eat it too?
It is sometimes possible to architect highly secure systems that do not restrict freedoms — but they are usually expensive.Secure + Open (freedom) = Expensive
Example: SOA security is expensive because SOA services are open by principle (reusable, discoverable, published service contract etc...).
|
Current state blueprints capture business, data and implementation architecture at the conceptual, logical and physical levels. |
|
Scoring the EA team on influence. |
|
Take a few minutes to learn about the Zachman Framework — a framework for Enterprise Architecture. |
|
ESB vs. ETL — what you need to know to make an informed choice. |
Recently on Simplicable
|
|
| Multifactor Authentication Explainedposted by Anna MarHow to confirm the identity of users and entities. |
|
