Why big organisations keep getting hacked: Security best practices and the promise of decentralisation

Oftentimes when companies approach us to discuss their pain points, these revolve around price, bad communication or too little control over their web or mobile applications. When we dive into these applications, we find scarier pain points of which the client is often not aware.

“Oh, but that won’t happen to my application”

Even big organisations struggle with security and scalability. Recently, Homerun got taken hostage by a hacker with malicious intent who had access to almost all the personal information of the users of the platform. Ikea and Mediamarkt were also affected by hacks that compromised data they ought to have kept secure.

If you implement security and scalability measures afterwards, you are already too late. To ensure your application can grow to more users safely and without scalability issues, daily operations must not undermine the safety measures in place.

Security starts with operational safety

Even if the application is built with the industry’s standard security measures, encryption algorithms, and multi-factor authentication, all of this is in vain if the people who use it don’t adhere to a proper security protocol. If your email address has been breached previously (you can check it here) and you use this address as the root or admin user for your platform, you are inviting malicious hackers to take advantage. If your password is welcome123!, then you are also making it very easy for external people to gain access to your information.

Password management, a VPN, and two-factor authentication are essential nowadays to keep your operation as secure as possible.

Building a secure and scalable application

When building an application that will handle user data, it is crucial to map the different roles and permissions, and to clearly define what access and rights users have within your application. This can be done by mapping the RBAC (Role Based Access Control) up front, not when the application is already built. In this way, it is less likely that configuration errors sneak into the structure of the application. It also means that you can prevent common mistakes. For example: why should a back-office user who is responsible for changing translations have the right to fetch user data?

Another practice that drastically increases the security of your application is to think in isolated zones. Most applications run a single database with a role like admin that has access to everything within this database. If hackers get access to this account, they have full access to all of the information. It is good practice to store different types of data in different ways. You might store the keys that identify users in one database but keep them separate from the personal information linked to those accounts. In this way, if one database is compromised, you prevent hackers from linking the data to identifiable personal information.
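As an added illustration of the two practices above (mapping roles up front and isolated data zones), not code from the original post: a deny-by-default role check and a store that keeps login identifiers apart from personal data. The permission names, the SplitStore class and the linking key held by a separate identity service are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Role -> permission set. Permission names are assumed for this example.
ROLE_PERMISSIONS = {
    "admin": {"users:read", "users:write", "translations:write"},
    "support": {"users:read"},
    "translator": {"translations:write"},  # no right to fetch user data
}


def can(role: str, permission: str) -> bool:
    """Deny by default: unknown roles and unlisted permissions are refused."""
    return permission in ROLE_PERMISSIONS.get(role, set())


class SplitStore:
    """Two zones: an identity zone holding the login keys and a profile zone
    holding personal data. The profile zone is keyed by an HMAC of the user id
    under a linking key that only the identity service holds (assumption), so
    a dump of the profile zone alone cannot be tied back to any account."""

    def __init__(self, linking_key: bytes):
        self._linking_key = linking_key
        self.identities = {}  # user_id -> login identifier (identity zone)
        self.profiles = {}    # pseudonym -> personal data (profile zone)

    def pseudonym(self, user_id: str) -> str:
        return hmac.new(self._linking_key, user_id.encode(), hashlib.sha256).hexdigest()

    def create_user(self, user_id: str, email: str, profile: dict) -> None:
        self.identities[user_id] = {"email": email}
        self.profiles[self.pseudonym(user_id)] = profile

    def fetch_profile(self, role: str, user_id: str):
        """Every read of personal data goes through the RBAC check first."""
        if not can(role, "users:read"):
            raise PermissionError(f"role {role!r} may not read user data")
        return self.profiles.get(self.pseudonym(user_id))


def demo() -> bool:
    """Constructed sample: the translator is refused, support is allowed, and
    the raw user id never appears in the profile zone."""
    store = SplitStore(linking_key=secrets.token_bytes(32))
    store.create_user("u-1001", "alice@example.com", {"name": "Alice", "city": "Amsterdam"})
    try:
        store.fetch_profile("translator", "u-1001")
        return False
    except PermissionError:
        pass
    return (store.fetch_profile("support", "u-1001")["name"] == "Alice"
            and "u-1001" not in store.profiles)
```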

For scalability purposes, it is important to design the architecture of the application beforehand. This way, we can prevent database deadlocks and avoid requesting more data than is necessary for the functioning of the application.

Implementing decentralization to ensure transparency

Everything mentioned above relies on software patterns we are very familiar with: passwords, databases, and roles and permissions. However, alternative methods are emerging to ensure the ownership and security of your online presence. One of these methods is implementing a blockchain data structure instead of a centralized (password-protected) database.

Blockchains rely heavily on encryption and personalized access, using cryptography to define who owns which piece of information. Because no single database holds all the information, there is no dependency on a single party to manage and keep your data secure.

Contrary to common belief, blockchain technology, or other forms of decentralized data, can be implemented in many ways apart from cryptocurrency. At Miyagami, we are always exploring new ways to implement new technologies in traditional industries to improve the security and reliability of applications. If you’re interested in exploring the options, don’t hesitate to contact us.
