Blog

Isn’t it Time to Think of People First and Not Policies and Technology?

Security and simplicity are often viewed as opposing forces. One widely held belief codified in the information security policies of most organizations is that for a system to be secure, people must use complex passwords that are changed frequently. This of course makes using those systems more complex and that is “just the way it is”!

While the basis for complex passwords and frequent change is sound for robots, humans don’t have infinite capacity to store random information. As a result, passwords get written down, reused across systems and changed in patterns, all of which defeat the original objective of enhancing security. Policies against such practices exist too, but isn’t it time to think of people first and not policies and technology?

Of course there are solutions to the password mess. Single Sign On (SS0), biometrics and device-based multi-factor authentication are all supported in Signiant Media Shuttle via SAML integration. But, people-first design should extend beyond the initial login. Well-designed fit-for-purpose software like Media Shuttle, not only makes the system easier to use, but enhances security at the same time.

Like following cumbersome password management policies, managing and tracking access to media assets through a file system can introduce unnecessary complexity. Raw storage is designed to address a broad range of IT needs and this broad applicability leads to complexity. Raw storage incorporates complex access controls and complex low-level auditing mechanisms. At the storage level, it is difficult to tell if a file was accessed to generate a thumbnail or to transfer the file out of the system, both of which have different security implications. This is where a software layer that is purpose-built to enable fast seamless global access to media sitting between users and raw storage can improve system security.

This “layer of software” translates low-level IT operations into capabilities and functions that make sense to media professionals. I wrote an article addressing this a bit further: “Do additional software layers enhance or hinder security?” Of course this layer of software has to be designed with secure design principles in mind to provide actual security benefits, and this isn’t something that should be taken for granted. Fortunately an in-depth understanding of secure design principles isn’t required to determine if software like Media Shuttle lives up to its security promise, because Signiant software is regularly reviewed by third-party independent security evaluators to continually assess and improve the security of the system and put the security of our customers and users first.