Two security professionals explore the meaning of 'Secure by Design'.
Adaptive technology is about iterating and adapting what you use so that it continually meets business and user needs. Security's no different: it's the thread that weaves through our Adaptive Technology Model.
In the old world, the ‘set it and forget it’ mentality might have been fine. The threats were less pervasive, less fast changing, and there was a perimeter you could secure.
In the new world, there is no perimeter and technology isn't stagnant.
Similarly, security isn't flat - it's not a series of static points along an adaptive journey. Security is as adaptive as technology itself. When we talk about Secure by Design at IT Lab, we see it as a principle which should be baked into:
- Your everyday processes
- The culture of your people
- The way you architect and construct your infrastructure, whether on-premise or in the cloud
- How you continue to design and develop your systems as you refine your processes, IT, and business strategies
What Presents the Biggest Risk to Your Security?
Employees often present the biggest risk to security, so we asked our Michael Bateman and Pravesh Kara how organisations could improve culture.
Bateman: “End users take measures to safeguard themselves in their personal lives. For example, protecting their passwords and bank details against fraud. It’s about encouraging them to make the link with their behaviour at work and to think about their employer’s security in the same way.”
Kara answers the same question in the context of developers: “There's a lot of pride and competition in the developer community, so gamify it. They already compete to be the top developer; who can create the most succinct and cleanest code for example. These attributes help towards securing coding principles, and therefore secure by design.”
How Should You Approach Secure by Design?
An Adaptive Service Framework is the operating model for Adaptive Technology. It's made up of three elements:
- Service Integration
- Presentation Integration
- Business Integration
We asked Pravesh Kara to outline how Secure by Design fits with this operating model: “Service is essentially the connector; you need confidence that the integrated components, specifically the containers and the transports, are secure.
“Presentation - what the user sees - is relevant as you must protect your users from compromise, especially user-focussed attacks such as cross-site scripting and click-jacking for example.”
Kara continues: “From a business application and logic perspective, you have to maintain the integrity of the processes and the data those applications have access to.”
Our experts agree that organisations planning to implement an Adaptive Technology Model should begin with the security conversation.
Bateman: “Given the term ‘by design’, secure by design should be the first consideration. Regarding the other Adaptive Technology elements, there isn't a natural order of precedence. It depends on the specific circumstances within each organisation.”
Click here to explore our Adaptive Technology Model Hub and discover other rich resources.