Historically, We’re in Good Company

A poor authentication interface shared by a small number of people represents a moderate risk.  Right?  The more people exposed to the interface, able to probe it, attempt to expose weakness, or socially engineer the staff surrounding the interface, the more tension exists around whether or not this interface will successfully perform, or whether it will betray itself to the anguish of all.

Imagine the case now where your internal departments insist on purchasing a poorly secured application.  Happens all the time – except now, this poorly secured application is outside the corporate administrative domain.  Will your corporation have the infrastructure, the involvement, and most importantly the policy prepared,  such that your requirements for security and identity are considered at the time of purchase, instead of bolted on after the fact?

Well, don’t worry.  Neither does anyone else.  Think of it this way.  You’re the star in a fairy tale, and you’re using a time-honored method for ensuring your happiness:  one that allows for the greatest amount of suspense and possibility for evil to win.   After all, everyone wants their corporation to be part of a thrilling epic saga, do they not?

Sacrifices of assurance for end results are the things of fairy tales, after all. Did Prince Charming put out an artist’s rendition of Cinderella’s face to find her? No, he offered to marry any girl that could fit a slipper. Hijinks ensued. If we allow these new web-based applications to grow into large communities before we dictate that it is not acceptable to use standalone user management pages stored in silos and protected by flimsy HTML form posts, we will bring the very problem we already have today in both the consumer space and inside the Enterprise into a much more dangerous arena. If we choose to draw a line in the sand now, web- and cloud-based companies pursuing the Enterprise market will gladly make changes to draw in initial customers, assuming we all make a unified, logical, and complete case. If we wait, however, the need for application content will again outweigh the need for safe infrastructure, and we will have lost our leverage.

For those of us who wish not to see the sins of our past revisited, the time is now. The tech is there, but it isn’t easily consumable by potential applications. We need to get our act together; if we do, we can avoid the next chapter of drama. Otherwise, well, there be dragons in our future. Why slay them later, when we can simply keep them from ever coming to roost?