Five characteristics of secure online services

Online services such as "cloud" based data storage require special care to offer security to customers. Even if you know you are trustworthy, your customers need more assurance than your word.

"The cloud" is becoming an awfully popular term these days. Increasingly, small companies that want to offer big services are finding that tapping into "cloud" based services such as Amazon's EC2 and S3 can offer a highly affordable way to manage the technical back-end of the business model. While details can vary greatly from one type of service to the next, and what kind of security a customer needs can vary greatly from one customer to the next, there are some generalizations that can be made about the necessities of security for an online service that handles private data.

Five such generalizations follow. There will be other characteristics of a secure service that apply in specific instances, in addition to these more general characteristics; figuring out the security pain points of your particular service is a definite necessity for providing the best, most secure service possible.

  • Manage the actual secure service on infrastructure that is distinct and separate from other business infrastructure (e.g., the public-facing Web site). This ensures that security breaches affecting the company's IT infrastructure in other areas will not provide easy access to customer data.
  • Offer a means of interacting with the service where data encryption happens on the client-side, before any data gets sent to the service, if at all possible. This would mean that customers can be sure you, any shady or disgruntled employees (or ex-employees), and anyone compromising your service's IT infrastructure in any way will not have access to unencrypted customer data or decryption keys for that data. Never forget that privacy is security.
  • Provide client software not only as binary executables but also as source code that can actually be compiled (or interpreted) and used by the customer, lacking nothing. This means no omitted DRM source or elided trade secrets. The only way a customer can be absolutely certain that there is nothing shady going on in your source code is to have technically proficient people examine the source on the customer's behalf, and then to use exactly the source that was examined, ensuring that a bait-and-switch was not used to lull the customer into a false sense of security. While such source code could be offered under a nondisclosure license or agreement, there are security benefits for a well-managed open source project -- such as security through visibility.
  • Create and manage a mechanism for transparent two-way communication with customers regarding security matters. This can take the form of a public bug tracking system, for instance, so that people have an easy way to inform you of technical issues, to see what issues might currently affect them as customers, and to follow your progress in addressing these issues. To the extent you actually care about customers' security needs, security notifications should be handled transparently.
  • Pay particular attention to making sure customers know how to interact securely with the service, and to providing a secure procedure for interacting with the service that makes it easier for the customer to do the right thing than to do the wrong thing. Interface design is security design, after all.
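
The third point depends on the customer being able to confirm that the source they build is exactly the source that was reviewed. The following Python is an added example, not part of the original article: it records a SHA-256 manifest of a reviewed source tree and reports any file added, removed or modified in the copy the customer receives. All function names, file names and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def tree_manifest(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()
    return manifest

def tree_digest(manifest):
    """One digest over the sorted manifest; the reviewer publishes this value."""
    digest = hashlib.sha256()
    for rel in sorted(manifest):
        digest.update(rel.encode() + b"\0" + manifest[rel].encode() + b"\n")
    return digest.hexdigest()

def diff_manifests(reviewed, received):
    """Return (added, removed, modified) paths relative to the reviewed tree."""
    added = sorted(set(received) - set(reviewed))
    removed = sorted(set(reviewed) - set(received))
    common = set(reviewed) & set(received)
    modified = sorted(p for p in common if reviewed[p] != received[p])
    return added, removed, modified

def _write_tree(root, files):
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    # Constructed sample: the reviewed release and a copy that was swapped afterwards.
    reviewed_files = {"client/main.py": b"print('upload')\n",
                      "client/crypto.py": b"KEY_BITS = 256\n"}
    received_files = dict(reviewed_files)
    received_files["client/crypto.py"] = b"KEY_BITS = 40\n"   # weakened after review
    received_files["client/extra.py"] = b"import socket\n"    # never reviewed
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        _write_tree(a, reviewed_files)
        _write_tree(b, received_files)
        reviewed, received = tree_manifest(a), tree_manifest(b)
        return tree_digest(reviewed) == tree_digest(received), diff_manifests(reviewed, received)

if __name__ == "__main__":
    print(demo())
```

The published tree digest only helps if the customer obtains it over a channel the software distributor cannot alter, for example directly from the reviewer.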

These are the sorts of security policy points you should employ when designing an online service for customers, if that service handles any sensitive data. Keep them in mind if you are a service provider reading this article. When you've put together what you are sure is a sound plan for offering a service whose security can be verified by the customer, make sure you do not forget to let the customers know how they can verify that security.

You should also keep in mind that some of your would-be customers may be reading this article as well -- and if you do not address these security policy points, you may lose those potential customers.