Feature Driven Technology

Welcome to this week’s edition of the Bastion Brief Newsletter. Did you accomplish all your goals this week? I hope you continue to find success in your industry and thank you for reading weekly.

This week Instagram rolled out a number of features focused on algorithms that changed the user experience across their platform to more closely mirror the experience users have on TikTok. They quickly rolled back the updates after major backlash across user feedback systems. This is a huge win for users as they are contributing to the way technology systems are implemented across the business and entertainment industries. Features should drive user enjoyment and should be dominated by best fit, rather than copying a competitor for attention.

In our feature driven society, technology unfortunately falls short on delivering a great user experience while keeping security in mind. New features create new connections, serve new functions, and store data in specific ways. When developers add new updates, they create more to manage in the overall security posture of a piece of technology.

A challenge can be observed when competitors race to add new features that mirror another application. They will implement these in a similar fashion, sometimes using the same architecture driven by recent employees of a competitor that are hired for their expertise. For security, it can create a situation where one security control is chosen throughout these similar features. If an attacker can defeat the security controls in one application, they may be able to penetrate the architecture across many using the same tactics.

In the popular security as a service world, we can observe the exact same poaching behavior by service providers. For managed security services, metrics and features drive a sizable portion of the selling factor. When all the security solutions start to look the same, it can confuse teams thinking they have the best standard of security. In reality, they may have a lot of features that do not add much to their security environment even if they seem valuable. A skilled attack team may be able to dissect all the portions of a service seeking a way in.

The events of the week are the ideal situation for better user experience as well as properly designed security. If users continue to provide honest feedback about what features they want on their platforms, it will create a better identity for applications moving forward. It also will demand unique security postures where security engineers are included in early design stages. The architecture of one product will look very different than another, leading to stronger resistance to low effort attack vectors like the use of bot networks.

My major tip this week:

Continue to provide feedback to support teams when features are broken or weak in their design. If you hate an update, speak up. Gaining access to a portion of a system that is not intended for the public or even content that doesn’t work can be a major red flag for teams to address.

I hope you enjoy a relaxing weekend, don’t forget to check out our latest @bastionbrief. Thanks for reading and I can’t wait to hear your feedback!