Asset Depot's Security Philosophy
"Embracing a philosophy of code and third-party minimalism, prioritizing simplicity and privacy."
AssetDepot differs from many of today's tech companies due to it's "security and privacy first" approach. We are not in the data collection and sales business as so many other tech companies secretly are. Part of our vision is to engineer the best technology solutions for the power industry above all else. On top of good old-fashioned basic security practices, AssetDepot believes that a greater level of security can be achieved through minimizing bloat as much as possible, using as few third-party resources as possible and keeping systems simple.
Minimizing Bloat
Bloat not only negatively affects performance, but it can also increase a systems threat exposure. AssetDepot continues to chip away at minimizing bloat, through efficiency minded software engineering and minimizing reliance on third-party resources.
Using fewer third-party resources
Third-party resources can save you time and sometimes offer better and/or increased security. Why re-invent the wheel when there's already a team who specializes in making the best possible version of the wheel? Like most things in life, proper moderation is key. When relied on too much, third party resources can go from a helpful time saver to a security, privacy and legal nightmare. The more your system build relies on the integration of third-party resources, the more obscurity you are adding. This obscurity can lead to longer bug resolution times, increased security response times and an inability to perform thorough auditing. What happens if a core system component is built using a resource that gets abandoned? Or the licensing abruptly changes to an agreement that is no longer compatible?
Using third-party resources at some stage in modern software development is almost unavoidable. But as mentioned previously, the proper balance of in-house engineering and use of third-party where it makes sense is incredibly important. AssetDepot strives to be as self reliant as possible. We want to be able to easily audit our systems, respond quickly to exploits and achieve fast resolution times for bug fixes. We want to know where 'code' is coming from and whats in it. We want minimize our apps "size" to ensure optimal field performance. We use third-party resources only where security or performance dictates a specialized team with dedicated experience.
AssetDepot does not use the public cloud. We operate private hosting infrastructure, giving us much more control over the software, hardware and people that will interfacing with our web applications. We take a holistic approach when thinking about security, therefore we include the infrastructure in the equation.
Keeping systems simple
In our engineering team, we tell each other to KISS... We tell them to "keep it simple stupid!" Our focus is to ensure our core app remains as static as possible and minimizes client-side overhead. We achieve this through a heavy reliance on server-side rendering and using plain-old vanilla javascript. This means that our app has broad compatibility across different browser of varying age. We also can provide service to users who may be out in the field with limited connectivity and bandwidth.
The future (AI)
AI offers a whole new future of productivity and innovation. While recognizing the power that AI can bring, AssetDepot is taking a conservative approach to it's implementation not only in our own work flows, but in how we offer and implement it in AssetDepot products. The negative security ramifications resulting from a blind dive into the technology are virtually limitless. Any and all AI technology we utilize is required to run in a completely isolated environment that is under our control. The training models must also be completely open and audited by multiple third parties. We will never force AI upon a customer who may be (rightfully) skeptical of the technology. You can count on the fact that our engineers are objective, critical thinkers who do not follow the crowd simply because "everyone else is." We are consistently analyzing new technology from a holistic view point to determine the risk vs benefit it carries.