
Ask HN: Accessing confidential content stored online. Best security practices? - MegaLeon
In my company we distribute media content to be accessed through a mobile app to several clients. Right now the workflow is to build a separate version of the app for each client (functionality is 100% the same, only the embedded media content changes) and distribute it confidentially via TestFlight. This, of course, is very slow and cumbersome.

I have built a proof of concept where the media is separated from the core application. The content is hosted online and when the client inputs a request code, the app checks if it matches any content and downloads it to the device. Right now the workflow is:

  * the user enters a code
  * a JSON file hosted online is downloaded and read to see if the code matches any entry
  * if so, the app gets the online address of the media content from that entry and downloads it

It's a very basic and naive system. My supervisors, however, loved it and want me to push this system to production level and use it with clients.

Thing is, we deal with extremely confidential content and could get in lots of trouble if any of it leaks out or if the clients were to access the wrong content. Right now everything is hosted publicly on a server of mine to test the proof of concept. My knowledge of web security is limited to SSL and that's it - I am slowly piling up resources to read and hope to educate myself enough to make a functional product out of it.

If you were me, what steps would you take toward making this process as secure as it needs to be?
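The weak point of the workflow as described is that the JSON index (every code and every content URL) is itself downloaded to the device, so whoever can fetch the index can read all of it. The example below is an added illustration, not the poster's code: it moves the code lookup to a server, stores only keyed hashes of the codes, and hands the app a short-lived HMAC-signed URL that the content host verifies before serving the file. The catalog entries, codes, hostname and secrets are constructed placeholders; in a real deployment the secrets would live in the server's secret store and the two hosts would be real services.

```python
"""Server-side code redemption with short-lived signed download URLs.

Added example, not the original poster's code. Assumes a small HTTP API in
front of the content store; catalog, codes, host and keys are constructed.
"""
import hashlib
import hmac
import secrets
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Server-only secrets (constructed). Never ship these in the app bundle or
# in a world-readable JSON file.
CODE_PEPPER = b"constructed-pepper-do-not-reuse"
URL_SIGNING_KEY = b"constructed-signing-key-do-not-reuse"
CONTENT_HOST = "https://content.example.invalid"   # placeholder host
TOKEN_TTL_SECONDS = 300                             # signed URL lifetime


def new_code(prefix: str) -> str:
    """Issue a high-entropy access code (roughly 96 bits) so codes cannot be guessed."""
    return f"{prefix}-{secrets.token_urlsafe(12)}"


def hash_code(code: str) -> str:
    """Keyed hash of an access code; the catalog never stores raw codes."""
    return hmac.new(CODE_PEPPER, code.encode(), hashlib.sha256).hexdigest()


# Constructed catalog: hashed code -> object path. Stays on the server.
CATALOG = {
    hash_code("CLIENT-A-7F3K9Q"): "media/client-a/q3-briefing.mp4",
    hash_code("CLIENT-B-2M8X1T"): "media/client-b/q3-briefing.mp4",
}


def sign(path: str, expires: int) -> str:
    """HMAC over the object path and expiry; binds the URL to one file."""
    msg = f"{path}\n{expires}".encode()
    return hmac.new(URL_SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def make_signed_url(path: str, now: int) -> str:
    expires = now + TOKEN_TTL_SECONDS
    query = urlencode({"expires": expires, "sig": sign(path, expires)})
    return f"{CONTENT_HOST}/{path}?{query}"


def redeem_code(code: str, now: Optional[int] = None) -> Optional[str]:
    """API endpoint logic: look the code up server-side, return a signed URL or None.

    The client only ever learns the one path its own code maps to.
    """
    now = int(time.time()) if now is None else now
    path = CATALOG.get(hash_code(code))
    if path is None:
        return None
    return make_signed_url(path, now)


def verify_signed_url(url: str, now: Optional[int] = None) -> Optional[str]:
    """Content host logic: serve the path only if the signature is valid and unexpired."""
    now = int(time.time()) if now is None else now
    parsed = urlparse(url)
    params = parse_qs(parsed.query)
    try:
        expires = int(params["expires"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError, IndexError):
        return None
    path = parsed.path.lstrip("/")
    if now > expires:
        return None
    # Constant-time comparison so a mismatch leaks nothing about the expected value.
    if not hmac.compare_digest(sig, sign(path, expires)):
        return None
    return path


if __name__ == "__main__":
    issued = redeem_code("CLIENT-A-7F3K9Q")
    print("signed URL:", issued)
    print("content host accepts:", verify_signed_url(issued))
    print("unknown code:", redeem_code("CLIENT-A-WRONG0"))
```

The design choice worth noting: the device never receives the catalog, so one client cannot read another client's entry, and the URL it does receive is useless after five minutes or for any other path. Rate-limiting the redemption endpoint and logging failed redemptions are the obvious next additions on the server side.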
======
brudgers
To me, the place to start is a risk assessment. Part of the risk is replacing
a field deployed proven technology with a prototype. Part of the risk is
securing information accessible on the web versus securing information
embedded directly on the device. Part of that assessment is the risk
associated with developers working in an area in which there is less
experience and expertise.

Once the risks are identified, a business model can assign costs to each, for
example assigning a monetary value to one customer having access to another
customer's data. Monetary values can also be assigned to mitigating each risk
and these should be assigned based on levels of mitigation, for example the
cost of reducing the likelihood of one customer accessing another customer's
data from a 1% probability to a 0.001% probability. Once that's done, the
business decision about where to expend energy becomes a more informed
business decision.

Presenting the risks and suggesting a cost analysis probably won't keep the
development team from being scapegoated if and when things go sideways, but it
might form the basis for a long term plan...e.g. staffing up with web security
experts.

In the end, my first approximation is that if it's on the web it's insecure
and even banks assume some losses.

Good luck.

