Spreadsheets in the enterprise, considering availability (pt 3/5) 0
Posted on 25, March 2014
in Category bsg insight
This post is part of a series considering the security implications of using Excel / spreadsheets for decision making. At a macro level, it is about applying a framework (CIADA) as a lens reflecting on how standalone, general tools have considerable security constraints.
The initial observations that led to this post can be found here.
This post looks at the perspective of availability - defined for this purpose as “concerns unwanted withholding of information”.
Availability is simply the ability to get what you want from the system when you need it. There should not be any barriers outside of the checks and balances that manage the other security perspectives in the CIADA model.
Given that Excel is a fairly robust and prevalent industry application, there are not many software ‘features’ that may deliberately or inadvertently withhold information from its own users; though a side thought would caution against passwords only known by one person which is a simple but important risk.
Beyond this, I am slightly at a loss with regards to the specific availability threats in the context of decision support and reporting with Excel. The threats would be largely similar to any system I think… maybe there is something I am missing under this heading.
Appropriateness and alternatives advice is thin on the ground given that the risks cross solutions. So… um… yeah… (tumbleweed).
Contact me if you think of anything deep and meaningful - tweet me using @stugom or email me using stuart [dot] gomersall at bsguk [dot] co [dot] uk - and we can revise this post with appropriate credits where due.
Stuart is a Principal Consultant at BSG (UK). Stuart has led several large systems development projects using a variety of delivery methodologies (agile, waterfall, iterative) on time, on budget and to specification. He is the lead on our Distributed Development service.