January 24, 2018
By Andrew Patterson
Focusing on security from the very inception of a system is proving more crucial than ever today
Abstract: As technologies evolve, requirements and architectural needs evolve in unpredictable ways. Platforms need to be flexible to take these future changes into consideration and meet stakeholders’ requirements. There is an intrinsic challenge that requires a willingness to give up what is best for a single player and adopt what is best for the system.
The public’s awareness and interest in content and internet security is at an all-time high. This is particularly true when it comes to the entertainment industry, where the second half of 2017 has been especially problematic (and there are no signs of a respite). And now everything from social media to onboard automobile systems to the Internet of Things is under attack.
Payment companies are familiar with these challenges and have, in fact, been dealing with them for years. And yet, even today, it seems we’re playing catch-up, living in a perpetual reactive mode.
There are many aspects to computer security — network, server, data, access, etc. And all can be addressed in various ways, including well-defined access control, aggressive patching schedules, encryption and secure coding.
However, that’s just one side of the security challenge. Like many industries, entertainment has software and systems designed specifically for the nuances of a single industry. The result: a large number of systems are one-off and are, in some regards, immature.
That’s why it’s critical to focus on security from the very inception of a system — and it’s an approach well-known in some camps. The debate in both the product and development worlds has been simmering for years: Product vs. Platform, and the concept of Product-as-a-Platform. And so we ask, where exactly is that line of demarcation and what does that really mean?
A platform, of course, can be described simply as a technical framework that can encapsulate one or many products. Essentially, a platform is a flexible software ecosystem that’s a collection of data stores, configuration repositories, APIs, security mechanisms, etc. (See Figure 1).
Many well-known companies have been evolving their platforms for years — if not decades — into very successful products. Google, Microsoft, PayPal, Apple and others are all examples of successful platforms that were created from a set of well-defined components, which now work together to provide a product with tangible value.
Another great and well-known example is the ubiquitous Linux operating system, which today is the operating system that powers more than two-thirds of the internet’s servers.
Speaking at LinuxCon in 2015, Linus Torvalds, the creator of Linux, reiterated a notion that many chief information security officers have observed over the decades: “Unplug the network cable and instantiate draconian measures for physical security. You’ll make sure nobody can get in, but you’ll also make sure that nobody actually wants to use the platform. And that may sound like an extreme case, but it’s a very fundamental issue in security. You cannot look at security as something separate.”
Torvalds’ message is clear: You cannot have absolute security. And that’s always a nice digression as you imagine disconnecting from connectivity. However, as pragmatism sets in, there is a realization that there will always be risk, but well-designed and well-managed platforms will meet the challenge.
This brings us to platform security – the security architecture, inherent design, tools and processes that ensure the security of an entire computing platform. This sounds straightforward, as components and data stores are added to the overall ecosystem. However, there are system security methods and mechanisms at the platform level, and design and implementation concerns at the component level.
And just like the Linux operating system, new platforms need to be designed so that product flexibility and security are innate features.
“Linux is just an enabler – core infrastructure, it’s a solid base, but like all good, solid bases, it really is something that should be almost entirely hidden and out of peoples’ minds,” Torvalds says.
He adds that the platform does need to be out-of-mind. The framework needs to be there to support all product and other mandated features, but it cannot be the primary theme. The product features and the product as a whole need to have that attention.
So how do we get there? Through “Platform Leadership,” which is achieved by adhering to the following tenets:
• There must be a well-articulated vision of the platform.
• Each component must have well-defined interfaces and boundaries.
• All functionality needs to be well-defined and accessible through these exposed interfaces. There should not be any back channels or exceptions.
• The technologies used need to be in alignment. Avoid the “science-fair” mentality.
• Engineers should be positioned for success through adequate training and tooling.
• Security must be built into the design of each component and corresponding interface.
• All defined interfaces must have associated regression suites that are comprehensive and include security permutations.
This challenge becomes more complex as components are abstracted or removed from the central platform. Specific examples include sharing of encryption keys or data; replicating data stores across components; introducing a consistent encryption mechanism, and defining evolving system accountability.
Finally, it is important that we don’t lose sight of the fact that all systems are not created equal:
• Some, in fact, shouldn’t have a data store or repository
• Design principles should dictate whether a system should invoke new security mechanisms or follow existing methodologies
Every day there will be a new ask for data or a feature; sometimes the request will be for data that is not inherently supported within a given platform. Therefore, any platform owner needs to know the vision for the platform and always, always stick to those principles.
Defining leadership roles in the ecosystem
When assessing the holistic ecosystem, participants in the value chain must look at contemporary systems design from the perspective of building Products-as-a-Platform, as well as with the ultimate requirement of robust security. Key tenets of this are encryption, security and architecture with a collaborative and partner-in-mind approach.
Many components and platforms are needed to create an ecosystem with comprehensive security and many participants involved. This is achieved by adhering to the following:
• Exhibiting an open-mindedness to solutions and technologies
• Maintaining a willingness to collaborate with partners both upstream and downstream
• Understanding that an ecosystem is a complex network of partners with a wide spectrum of requirements
• Employing governance that is holistic when assessing change
As technologies evolve, another challenge emerges: Managing requirements and architectural needs that evolve in unpredictable ways. The platform needs to be flexible so future changes can be considered and meet stakeholders’ requirements. This requires a willingness to give up what is best for a single player, and instead adopt what is best for the system as a whole.
Platform leaders must have the courage to make unpopular decisions. Platform design is a complex exercise at both the ideation phase and the implementation phase. The transition from one phase to another often provides surprises and unexpected challenges. The key to platform leadership is to make the right decision. The key is to do it right the first time, because there will never be the chance to go back and rework or even restart the process. Difficult decisions need to be made, and these decisions have the potential to be unpopular internally, as well as externally.
The intuitive behavior is to lessen the impact for the external players by internalizing the efforts on one system. This is done so that there is comprehensive control to minimize the impact on adjacent components and systems. Sometimes this approach works. However, it often has consequences, setting up artificial boundaries, and limiting possibilities. This includes platform flexibility and possible future challenges in incorporating additional features as the system evolves.
Summing it up
Obviously, hard decisions create tension that can lead to resistance. The goal is to state your case and achieve consensus. As a platform leader, you may not always be making friends, but you will be building the right platform.
And in the end, it comes down to making the right decision. As U.S. Army Gen. Norman Schwarzkopf once said: “The truth of the matter is that you always know the right thing to do. The hard part is doing it.”
Secure products and systems that can benefit everyone are within reach. All it takes is a proper and comprehensive vision, a platform approach, and the willingness to make the right calls.
Andrew Patterson is CTO at Cast & Crew Entertainment Services, a leader in providing technology-enabled payroll, accounting and production management services to the entertainment industry. Patterson oversees the company’s corporate technology and security teams, and directs and manages the company’s engineering team and its development of Cast & Crew’s digital products.