I had an interesting conversation with a client the other day, and while shocking at first, it made a ton of sense long term when looking at how to apply security controls to assets based on risk. I’ve blogged and written about things like this in the past, but the concept was interwoven as a theme to a different concept, or all together buried under links to YouTube.
The conversation was with a customer that wanted to put out a small informational site in support of a minor product feature, but also wanted to have the ability to dynamically update content through a web browser from anywhere in the world as he and some of his less technical staff thought of new areas that he wanted to highlight. The site itself was not designed to be a fully functional product launch site, but just a small site that a handful of users would visit periodically to get updates on the product itself (under 1,000).
When we started talking options, I asked him if he was planning on teaching his staff to edit HTML in Notepad, or if he was going to buy copies of Dreamweaver for everyone to help make the process faster. He said that he had access to a server that would sit external to his corporate firewall, have a hardened Apache and MySQL server, and run a simple Content Management System (CMS) on top. I asked him if he was concerned about the overall security of the setup (not behind a firewall, app/DB layer on the same machine, and no SSL protecting logins. He said he would just be backing it up daily, and any compromise of the system would have him make a phone call and shut the system down until it could be restored.
That’s an interesting approach.
The security and brand protection part of me says, “WAIT A MINUTE!!!” and makes the hair on the back of my neck stand on end. Do you really want to put your name on a product and potentially have a situation where it could be easily defaced? That seems kind of scary to me. It’s potentially embarrassing and could hurt the company’s overall image. ESPECIALLY if the site all the sudden is embedded with malware and people get infected.
Alternatively, the practical IT side of me says, “Why not?” Let’s look at the situation:
- Minimal budget to put this together
- Small user community (<1,000) signifies a niche product
- Need to send timely updates without teaching end users about HTML
- Need it to be fast and easily available to customers
Overall, this seems like a relatively low risk situation. Any compromises would surely be a small black eye, but just like the real ones, they heal. People forget. If the site provides value, maybe customers would ignore the potential breach scenario.
To me, the real risk is becoming a distribution point for malware considering that most A/V suites don’t protect you against much of the malware out there. Further considering the overall IT environment, I bet that an infection would cause larger problems inside his customer’s companies.
After talking to my client, I made a recommendation to use a service that provides a hosted CMS, regularly check for malware, and back up the content frequently.
Have you ever seen something like this backfire in your company? What were the repercussions? Did it turn out that spending the money to do it right would have been better?
Possibly Related Posts:
- Selective Domain Filtering with Postfix and a SPAM Filtering Service
- Preventing Account Takeover, Enable MFA!
- Proofpoint Patches URL Sandbox Bypass Bug
- Improve Outbound Email with SPF, DKIM, and DMARC
- Life after G-Suite/Postini