Ask HN: Accessing confidential content stored online. Best security practices?

3 points by MegaLeon 9 years ago | 1 comment

In my company we distribute media content to be accessed through a mobile app to several clients. Right now the workflow is to build a separate version of the app for each client (functionality is 100% the same, the embedded media content changes) and distribute it confidentially via testflight. This, of course, is very slow and cumbersome.

I have built a proof of concept where the media is separated from the core application. The content is hosted online and when the client inputs a request code, checks if matches with any content and downloads it to the device. Right now the workflow is:

  * the user enters a code
  * a json file hosted online is downloaded read to see if the code matches any entry
  * if so, it gets the online address of the media content from that entry and downloads it

It's a very basic and naive system. My supervisors, however, loved it and want me to push this system to production level and use it with clients.

Thing is, we deal with extremely confidential content and could get in lots of trouble if any of it leaks out or if the clients were to access the wrong content. Right now everything is hosted publicly on a server of mine to test the proof of concept. My knowledge of web security is limited to SSL and that's it - I am slowly piling up resources to read and hope to educate myself enough to make a functional product out of it.

If you were me, what steps would you take into making this process as secure as it needs to be?

brudgers 9 years ago |

To me, the place to start is a risk assessment. Part of the risk is replacing a field deployed proven technology with a prototype. Part of the risk is securing information accessible on the web versus securing information embedded directly on the device. Part of that assessment is the risk associated with developers working in an area in which there is less experience and expertise.

Once the risks are identified, a business model can assign costs to each, for example assigning a monetary value to one customer having access to another customer's data. Monetary values can also be assigned to mitigating each risk and these should be assigned based on levels of mitigation, for example the cost of reducing the likelihood of one customer accessing another customer's data from a 1% probability to a 0.001% probability. Once that's done, the business decision about where to expend energy becomes a more informed business decision.

Presenting the risks and suggesting a cost analysis probably won't keep the development team from being scapegoated if and when things go sideways, but it might form the basis for a long term plan...e.g. staffing up with web security experts.

In the end, my first approximation is that if it's on the web it's insecure and even banks assume some losses.

Good luck.