Growing up as an original trilogy fan, I never imagined as an adult that I’d be writing about “Star Wars” in anticipation of another brand-new film being released. My excitement around the cinematic rebirth of a franchise that means so much to so many got me thinking about “The Force Awakens” and the parallels between it and the original trilogy.
One thing that came to mind was that the Empire, for all its power and influence, keeps making the same mistakes. This is most evident in its security practices.
When I look at it from a digital marketing standpoint, the Empire ... I mean the First Order (after an obvious rebranding exercise) is in desperate need of a post-mortem after the destruction of the Starkiller Base. What should have been a vast improvement on the previous model of planet-eliminating weaponry was infiltrated and destroyed in much the same way.
The very definition of insanity is doing the same thing over and over and expecting a different result. It’s also poor business practice. It’s time for the dark side to upgrade and take full advantage of its technology landscape.
(There are so many more examples, going all the way back to the first Death Star, but for the sake of brevity, let’s focus on the First Order.)
Simple Roles and Permissions
There are clearly different ranks within the First Order along with different roles. It stands to reason that much like modern military organizations, there are a number of combat roles and administrative roles.
Although a stormtrooper might have a dual function as a soldier and as a sanitation worker, they should have had limited access to certain areas of the Starkiller Base.
Were there some kind of specialized cleaning needs for the main oscillator?
Also, how did he know exactly where it was? Why was he able to access any part of the base he wanted, whenever he wanted?
System isolation is another way the First Order could have better secured the Starkiller Base. Permissions and user accounts should not transfer from one system to another.
Even if they had implemented SSO technology, having administration access in one of the systems should not automatically confer admin access to them all. All of the systems and the underlying permissions should remain isolated. It seems that every access level, from maintenance worker on up to the general/admiral, has the same access.
It also seems like the First Order has a poorly defined termination process. Finn -- or FN-2187, as he was called while employed by the First Order -- appears to use his old credentials to access the Starkiller Base.
Unless all codes are the same (which is another terrible security practice), his should have been deactivated as soon as he defected. This also allowed Han Solo and Chewbacca access to the base via a practice called “piggybacking”: gaining access to a restricted area through a credentialed person.
Since this most basic principle was not implemented in the physical space, it is possible, even likely, given other events in the movie, that it wasn't done digitally either.
On-Premise vs. Cloud
Despite future technology, like droids with sentient programming and interstellar vehicles with hyperdrive capabilities, the idea of storing data in the cloud instead of on-premise seems completely foreign to the Empire / First Order. Nearly all of the security breaches in the history of the Rebellion center around on-premise data storage facilities being infiltrated.
It’s understandable why an organization like the First Order would want total control over where its data is stored in a very concrete way. The cloud seems as intangible as the Force compared to having your own servers on site where you can see and touch them, on your own base / planet.
However, it has been proven in our universe and in a galaxy far, far away that on-premise does not equal secure. Plus that fancy shield technology we saw in “Rogue One” could be applied elsewhere.
Any successful cloud implementation would have security protocols in place. These wouldn’t just be limited to clearance (which we already know is tricky) but include encryption, firewalls, and other forms of compliance.