All corporate data within a company should be protected according to the CIA triad: Confidentiality, Integrity and Availability. One of the things that can put data integrity at risk is a mismatched software version.
The IT department rolls out a new version of the CRM application at Shortinfosec Democorp.
Due to specific requirements of the director of sales, his assistant's computer does not update the CRM application automatically. At the moment of the rollout, her computer was off, and was unreachable for a manual update.
The following morning, the director of sales gets a call from a VIP customer with a new order for a high-end network analyzer. He calls up his assistant and instructs her to insert the new order into the CRM. The assistant uses her CRM program and inserts the new order.
As a result, the order multiplies to all VIP customers, which triggers a lot of confusion in account and order management until it is resolved.
During the rollout of the new version of the CRM program, the CRM database was updated to work with the new version of the front end. This included a modification to the engine that manages orders, and resulted in erroneous.
Mismatched versions of front end and back end can cause any number of problems with the underlying data: they can corrupt it or even destroy it. The following measures should be implemented to mitigate the risk to data integrity from version mismatches:
- The software manufacturer should build a function into the application that compares the running application version with an expected current version stored in the database.
- The expected current version should be updated in the application database during the rollout, using a standardised and documented process supplied by the software manufacturer.
- If the application version does not match the expected current version, the application should either alert the user visually and audibly to the mismatch, or refuse to function.
- The company that purchases the application must implement a policy under which employees immediately alert IT when they see a wrong-version message.
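One way to implement the three technical measures above (the stored expected version, the documented rollout step that updates it, and a client that refuses to write on mismatch), as an added example that is not part of the original post and not code from any real CRM product: a Python sketch that keeps the expected version in a metadata table of an in-memory SQLite database. The table and column names, the version strings, the `VersionMismatch` exception and the sample orders are all constructed for this example.

```python
import sqlite3

# Hypothetical version of the front end running on this workstation.
APP_VERSION = "1.0.0"


class VersionMismatch(RuntimeError):
    """Raised when the running front end does not match the version the database expects."""


def new_db(expected_version):
    """Create the constructed sample schema (metadata table plus orders table) in memory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE app_meta (key TEXT PRIMARY KEY, value TEXT NOT NULL);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT NOT NULL, item TEXT NOT NULL);
        """
    )
    with conn:
        conn.execute(
            "INSERT INTO app_meta (key, value) VALUES ('expected_app_version', ?)",
            (expected_version,),
        )
    return conn


def rollout_set_expected_version(conn, new_version):
    """The documented rollout step: record the new expected front-end version in the database."""
    with conn:  # committed as one transaction
        conn.execute(
            "UPDATE app_meta SET value = ? WHERE key = 'expected_app_version'",
            (new_version,),
        )


def expected_version(conn):
    """Read the version the database currently expects; missing metadata is itself a mismatch."""
    row = conn.execute(
        "SELECT value FROM app_meta WHERE key = 'expected_app_version'"
    ).fetchone()
    if row is None:
        raise VersionMismatch("database carries no expected application version")
    return row[0]


def is_version_ok(conn, app_version=APP_VERSION):
    """Exact string comparison on purpose: a 'close enough' heuristic is how a stale
    client ends up writing to a schema it was never tested against."""
    return app_version == expected_version(conn)


def check_version(conn, app_version=APP_VERSION):
    """Raise with a message the user can report to IT if the versions do not match."""
    if not is_version_ok(conn, app_version):
        raise VersionMismatch(
            f"this CRM client is version {app_version}, but the database expects "
            f"{expected_version(conn)}; contact IT before continuing"
        )
    return True


def insert_order(conn, customer, item, app_version=APP_VERSION):
    """Insert an order only after the version check passes. The check runs on every
    write, not only at startup, so a client left open across a rollout is stopped too."""
    check_version(conn, app_version)
    with conn:
        cur = conn.execute(
            "INSERT INTO orders (customer, item) VALUES (?, ?)", (customer, item)
        )
    return cur.lastrowid


def order_count(conn):
    return conn.execute("SELECT COUNT(*) FROM orders").fetchone()[0]


def demo():
    """Replay the scenario from the article with constructed data.
    Returns (stale client was blocked, number of orders in the database)."""
    conn = new_db("1.0.0")
    insert_order(conn, "VIP Customer A", "network analyzer", app_version="1.0.0")
    rollout_set_expected_version(conn, "2.0.0")  # IT rolls out 2.0.0 overnight
    try:
        # the assistant's 1.0.0 client tries to enter the next morning's order
        insert_order(conn, "VIP Customer B", "network analyzer", app_version="1.0.0")
        blocked = False
    except VersionMismatch:
        blocked = True
    return blocked, order_count(conn)


if __name__ == "__main__":
    print(demo())
```

Two design points worth keeping when adapting this: the check sits in front of every data-modifying operation rather than only at login, because a long-running client can outlive a rollout; and in a real rollout the schema migration and the update of the expected version should be committed in the same transaction, so there is never a window in which the database is on the new schema but still advertises the old version.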
Talkback and comments are most welcome