One security weakness at Aircraft Solutions is with regards to their software and its corresponding policy. In particular, the case study states that customer data such as development models, computer-aided designs, and project information are stored in designated servers. Since the case study did not indicate any software that would serve as the repository, it can be assumed that the files are just saved and stored as they are in directories or folders within the servers. They are not saved in document management systems or versioning systems that will keep track of every version of the files that are stored in them. Examples of these document management systems are Documentum and Visual Studio.
In particular, document management systems like Documentum (EMC, n.d.) stores the files in a database so that they can be backed up and restored if anything goes wrong with the physical server or if the user accidentally deletes a file. It also has versioning capability, which means that a new version of a file is saved every time a change is made to it. This enables old versions of the files to be restored, especially if errors are made in the new versions. It also provides information on who made the latest change to the file, which would in turn promote accountability for the access and management of these files. Moreover, these systems allow for workflow rules to be created to determine when a document can already move to the next phase.
Software such as Visual Studio (Otey, 2012) works in almost the same way as Documentum except that it’s more appropriate for storing program codes than for storing entire documents. As such, documents such as project information and product designs should ideally be stored in document management systems. Moreover, the document system should have a workflow rule that only when the customer has approved a design will the programmer be able to access it. The programmer would then store their program codes in versioning systems like Visual Studio. As well, access to files in these systems can be defined by groups where, for example, only programmers will be allowed to access files from Visual Studio and that customers will have read-only access for the files in Documentum.
However, without such systems and policies in place, the data is vulnerable to being lost or tampered with. For example, files may accidentally or intentionally be deleted. Without backup files then it would take a lot of time to try to restore or recreate the said files. Similarly, if natural disasters occur then data may also be lost. In addition, without the security features provided by document and versioning systems, anyone may intentionally or accidentally edit the files, which may lead to the information in these files becoming inaccurate. Moreover, when these files are erroneously modified then it can be difficult to restore it to its initial state as no copy of the previous version is saved.
The possible threat to this is that with the files just stored in the server without any document management system, hackers may delete or tamper with these files. In particular, since Aircraft Solutions develops solutions for various customers, the competitors of those customers might sabotage or steal the customers’ designs. Without a good policy in place for when programmers can start working on a design (currently, programmers work on designs that are already in the Engineering Release (ER) directory) then people with malicious intentions may place designs in the ER directory even without the customer’s approval. This may then lead to programmers developing an application based on the wrong design, which can result in wasted resources and dissatisfied customers.
There is a high risk of the threats occurring since everyone in the company accesses the same systems or servers, be it the contractors, suppliers, customers, or employees. Moreover, the same BPM system is used in the various geographic locations of Aircraft Solutions, which further increases the risk of the company’s data falling into the wrong hands.If the threat occurs then it can cause delays in mission critical business processes. Moreover, developing a product that does not conform to the correct design may lead to safety issues such as plane crashes or plane malfunctions. Furthermore, not being able to satisfy the customers’ requirements may cause customer dissatisfaction, which may in turn make these customers take their business elsewhere.
Similarly, should the customer’s product ideas be stolen or sabotaged by competitors because of Aircraft Solutions not having enough security policies in place for the protection of the customers’ files then Aircraft Solutions is bound to develop a negative reputation where it will lose the trust and confidence of both its present and future customers. Moreover, by not having systems such as document management systems and versioning systems in place where the workflow processes are automated, some of the product development phases or processes may be overlooked, which may result in the delay of the product’s release. This is especially critical with new products, as a delay in its release can give competitors a window of opportunity for releasing the same product first. Finally, if any of Aircraft Solutions’ products cause any harm to the public, then not only will they potentially lose business but will also likely end up in numerous litigations, which will mean more expenses and less profits for the company.
EMC. (n.d.) EMC Documentum Enterprise Content Management Platform. Retrieved from http://www.aiim.org.uk/publications/roadmap/pdfs/EMC%20%20Documentum%20Platform.pdf
Otey, M. (2012, June 8). Top new features of Visual Studio 2012. Retrieved from http://www.sqlmag.com/article/visual-studio2/features-visual-studio-2012-143367