Adaptive Technology is about iterating and adapting the technology you use so that it continually meets business and user needs. Security is no different and is the thread that weaves through IT Lab’s Adaptive Technology Model.
In the old world, the ‘set it and forget it’ mentality might have been fine. The threats were less pervasive and slower to change, and there was a perimeter you could secure. In the new world, there is no perimeter and technology is not stagnant.
Similarly, security is not flat – it is not a series of static points along an adaptive journey. Security is as adaptive as technology itself. When we talk about Secure by Design at IT Lab, we see it as a principle which should be baked into:
- Your everyday processes
- The culture of your people
- The way you architect and construct your infrastructure, be it on-premises or in the cloud
- How you continue to design and iterate your systems as you develop your processes and IT and business strategies
Employees often present the biggest risk to security, so we asked two of our cybercrime experts, Michael Bateman and Pravesh Kara, how organisations could improve culture. Michael Bateman: “End users take measures to safeguard themselves in their personal lives. For example, protecting their passwords and bank details against fraud. It’s about encouraging them to make the link with their behaviour at work and to think about their employer’s security in the same way.”
Pravesh Kara addressed the question with respect to developers: “There is a lot of pride and competition in the developer community, so gamify it. They already compete to be the top developer – who can create the most succinct and cleanest code. Those attributes help towards securing coding principles, and therefore secure by design.”
Approaching Secure by Design
An Adaptive Service Framework is the operating model for Adaptive Technology, comprising three elements:
- Service Integration
- Presentation Integration
- Business Integration
We asked Pravesh Kara to outline how Secure by Design fits with this operating model: “Service is essentially the connector; you need to have the confidence that the integrated components, specifically the containers and the transports, are secure.
“Presentation, what the user sees, is relevant as you need to protect your users from compromise, especially user-focussed attacks such as cross-site scripting and click-jacking for example.”
He continued: “From a business application and logic perspective, you have to maintain the integrity of the processes and the data those applications have access to.”
Our experts agreed that organisations seeking to implement an Adaptive Technology Model should begin with the security conversation. Michael Bateman: “Given the term ‘by design’, the Secure by Design enabler should be the first consideration. With respect to the other Adaptive Technology enablers, I don’t think there’s a natural order of precedence. It depends on the specific circumstances within each organisation.”
IT Lab’s next blog on this enabler looks at what business leaders and technologists should consider before implementing Secure by Design, and the pitfalls to avoid.