Allow the user to export data, what about security?

We, the developers, of course, try to create the most secure (web) application that will not be hacked. While we already know that it is impossible to know with certainty if your application is safe, at least we do our best.

When choosing one of the great platform solutions in the cloud (Azure, AWS, Google), at least you will know that they do everything possible to keep hackers away from their web servers / database.

Then, take e-commerce, for example: many customers, a lot of personal data stored in a database.

Let's say Azure / AWS / Google does its job well in security and the developers do their job well in security. That means that it's really about your users.

You know, those users who use the same password everywhere, ending in their birthday and a "!" because some password fields require a special character. Those users who click on any link they receive in their inbox.

Most, if not all, web applications allow you to export data. "I want to analyze the sales of last year", "I want to analyze the inventory of stocks". All valid reasons to get your data in Excel and play with the data.

Now what I ask myself is: in what way do small and large companies deal with security?

In theory, an employee could export all the client's data and store it on his personal computer; the personal computer is stolen and, 5 days later, an impressive online database appears containing all the information of its users. And these days it is not so strange that small and large companies are hacked.

Do you:

  • Limit the amount of data that a user can export?
  • In some way allow or deny access to the export of certain fields?
  • Always require cloud storage such as Microsoft OneDrive and educate the user not to download it?
  • Use Active Directory while employees use their personal computers?
  • Export nothing and provide dashboard graphics on demand?

What else?