You may have already heard that on December 31st, 2013, Snapchat was hacked and 4.6MM records were subsequently compromised. According to the official blog, “an attacker released a database of partially redacted phone numbers and usernames.” It turns out the hacker(s) had exploited the “Find Friends” API, submitting automatically generated phone number combinations to try to get back the matching usernames.
In this case, only phone numbers and usernames were released. Pretty harmless, right? Not quite. The most substantial loss that Snapchat faces in this situation is the loss of trust. Snapchat, along with other organizations that have faced similar challenges, will ultimately recover and fix flaws to become stronger than ever before.
Failing to provide the expected data security is not the only way to lose a customer’s trust. As users grow more dependent on online services, unavailability due to IT challenges is becoming less acceptable than ever before. Healthcare.gov was perhaps the most famous example of a massive high availability failure. According to news outlets, even though over half a billion dollars was invested in the system, only six people were able to sign up for health insurance on the first day due to website crashes. Many companies are now providing operational transparency through appropriately named “trust” websites that give users open visibility into live and historical uptime data. Check out some of these examples from Salesforce, Google Apps, GitHub, and MuleSoft.
Root cause analysis often identifies poor planning and the lack of a robust, scalable IT infrastructure as the culprits behind these trust failures. How can you build an IT infrastructure that earns and maintains the trust of your customers?
Build for agile growth
Prohibit point-to-point integration in your organization and enforce loose coupling instead. Without loose coupling practices, your integrations could break with a change in any third party API, endpoint, policy, parameter, or even response format. If you have worked with APIs in the past, you’ll know that these changes can occur haphazardly and without warning. In 2011, Jeff Bezos enforced this mandate with these six rules, which have contributed to Amazon’s continued success to date. Even the United States Government is adopting a service-oriented architecture!
Prepare for scale
Workloads should be distributed globally to mitigate risk of system failure. Cluster your services to ensure failover and reliability. Building a resilient architecture guarantees that it will be ready when traffic increases. Make sure to load test the system well beyond expectations before it is generally available.
Govern, manage, and monitor all of your APIs. Configure policies to enforce throttling, rate limiting, and security, and use contracts to manage SLAs with individual applications. Snapchat has confirmed that the next release will enable rate limiting to prevent further leaks.
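The rate limiting mentioned above, sketched as an added example (not Snapchat's or any vendor's code): a per-client token bucket in front of a lookup endpoint, charging one token per phone number so that batched requests cannot bypass the limit. The class names, limits and client ids are assumptions made for illustration.

```python
import time


class TokenBucket:
    """Burst of `capacity` tokens, refilled at `refill_per_sec`."""

    def __init__(self, capacity, refill_per_sec, now):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.updated = now

    def take(self, cost, now):
        # Refill for elapsed time, never above capacity.
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.updated = now
        if cost > self.tokens:
            return False  # caller should answer HTTP 429
        self.tokens -= cost
        return True


class LookupLimiter:
    """Per-client limit on phone-number lookups (hypothetical names and limits)."""

    def __init__(self, capacity=20, refill_per_sec=0.1, clock=time.monotonic):
        self.capacity, self.refill_per_sec, self.clock = capacity, refill_per_sec, clock
        self.buckets = {}

    def allow(self, client_id, numbers):
        now = self.clock()
        if client_id not in self.buckets:
            self.buckets[client_id] = TokenBucket(self.capacity, self.refill_per_sec, now)
        # Charge per number, not per request, so batching cannot bypass the limit.
        return self.buckets[client_id].take(len(numbers), now)


def simulate():
    """Constructed traffic: one client walks a generated list, another looks up one contact."""
    t = [0.0]
    limiter = LookupLimiter(clock=lambda: t[0])
    generated = [f"number-{n}" for n in range(1000)]  # constructed placeholders
    served = 0
    for i in range(0, len(generated), 10):  # 100 requests, 10 numbers each, 1 per second
        if limiter.allow("client-a", generated[i:i + 10]):
            served += 10
        t[0] += 1.0
    return served, limiter.allow("client-b", ["number-x"])
```

In the simulated run only 20 of the 1,000 generated lookups are answered, while the second client's single lookup goes through unaffected.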
Secure your infrastructure
HTTPS, SAML, OAuth, WS-Security, LDAP, and Secure Data Gateway should be very familiar terms for the developer concerned with security. Use these standards to prevent unauthorized access to your systems. Store credentials in a secure service registry to prevent access from prying eyes.