Balancing Security, Cost, Ease of Use and Privacy

One of the challenges an information technology professional faces is working with a client to find the balance between competing demands on a system. We need our systems to be secure, but for inexperienced and untrained users, increased security can create a usability challenge and thus decrease the utility of the system. Ensuring privacy, security and ease of use all increase system costs, so when funding is limited we must prioritize these requirements. How do you decide what is the best compromise? What if your client has other priorities?

Consider this scenario:

You've been hired as a consultant for a community clinic that works with families that have problems of family violence. The clinic has three sites in the same city, including a shelter for battered women and children. The director wants a computerized record and appointment system, networked for all the sites. She wants a few tablets on which staffers can carry records when they visit clients at home and stay in touch with clients by email. She asked about an app for these tablets and the staffers’ smartphones by which they could access records at other related social service agencies. At the shelter, staffers use only first names for clients, but the records contain last names and forwarding addresses of women who have recently left. The clinic’s budget is small and comes primarily from donations and grants. Most staffers do their work on paper, word processing or spreadsheet applications on one of two shared desktop computers in the main clinic office.

It may seem strange that any business or organization uses paper or simple office applications in this age. But often a small business begins with few clients and staff and no computer expertise. As the organization grows, keeping records and managing the business manually does not scale, so the organization sees the need to transition to a more robust computer system. Currently, the clinic's sensitive information can be accessed only by someone who has physical access to the paper records or to one of the two shared desktop computers.

The clinic director is aware of the sensitivity of the information in the records and knows that inappropriate release of information can result in embarrassment for families using the clinic and physical harm to women who use the shelter. But she might not be aware of the risks of the technologies she is asking for: a lost or stolen tablet, an email sent to the wrong address or read on a shared device, or a compromised account at a partner agency could each expose a shelter resident's last name and forwarding address. You, as the information technology professional, have specialized knowledge in this area.

When proposing a clinic system, it is as much your obligation to warn the director of the risks as it is a physician's to warn a patient of the side-effects of a drug he or she prescribes. Keep in mind that the security features you recommend will make the system more expensive.

Suppose the director says the clinic cannot afford all the security features. She wants you to develop a system without most of them. You have several options:

  • develop a cheap, but vulnerable, system,
  • refuse, and perhaps lose the job to someone willing to compromise security,
  • add security features and not charge for them, or
  • work out a compromise that includes the protections you consider essential.

(This is based on Section 9.3.2 and Exercise 9.44 in A Gift of Fire, 5e)

Part 1: Start the dialog. The director has asked you to rank your suggestions for security and privacy protection measures so that she can choose the most important ones while still trying to stay within her small budget. Group the suggestions into at least three categories: imperative, important, and recommended. Include explanations you might give her and assumptions you make (or questions you would ask her) to help determine the importance of some features.

Part 2: Push back. Now, assume the role of the clinic director. (Select another student's post and push back against the recommendations.) You have a very limited budget. What are the weaknesses in the proposal? What are the areas where the extra security features don't seem to be justified? Remember, as the director, you're not as technically knowledgeable or experienced.

Your proposal in Part 1 should be as convincing as possible: in a real scenario you may not get a second chance to respond to the director's comments; she may simply decide not to go forward because of the costs and risks.