Adaptive Security

Adaptive tech is about iterating and adapting the technology you use so that it continually meets business and user needs. Security's no different: it's the thread that weaves through our Adaptive Technology Model.

In the old world, the ‘set it and forget it’ mentality might have been fine. The threats were less pervasive, less fast changing, and there was a perimeter you could secure.

In the new world, there is no perimeter and technology is not stagnant.

Similarly, security isn't flat - it's not a series of static points along an adaptive journey. Security is as adaptive as technology itself. When we talk about Secure by Design at IT Lab, we see it as a principle which should be baked into:

  • Your everyday processes
  • The culture of your people
  • The way you architect and construct your infrastructure, whether on-premise or in the cloud
  • How you continue to design and iterate your systems as you develop your processes, IT, and business strategies

What Presents the Biggest Risk to Your Security?

Employees often present the biggest risk to security, so we asked two of our cyber-crime experts, Michael Bateman and Pravesh Kara, how organisations could improve culture.

Michael Bateman: “End users take measures to safeguard themselves in their personal lives. For example, protecting their passwords and bank details against fraud. It’s about encouraging them to make the link with their behaviour at work and to think about their employer’s security in the same way.”

Pravesh Kara answers the same question with respect to developers: “There's a lot of pride and competition in the developer community, so gamify it. They already compete to be the top developer; who can create the most succinct and cleanest code for example. These attributes help towards securing coding principles, and therefore secure by design.”

Explore your cyber security options.  

HOW SHOULD YOU Approach Secure by Design?

An Adaptive Service Framework is the operating model for Adaptive Technology, comprising of three elements:

  1. Service Integration
  2. Presentation Integration
  3. Business Integration

We asked Pravesh Kara to outline how Secure by Design fits with this operating model: “Service is essentially the connector; you need confidence that the integrated components, specifically the containers and the transports, are secure.

“Presentation - what the user sees - is relevant as you must protect your users from compromise, especially user-focussed attacks such as cross-site scripting and click-jacking for example.”

Kara continues: “From a business application and logic perspective, you have to maintain the integrity of the processes and the data those applications have access to.”

Our experts agree that organisations seeking to implement an Adaptive Technology Model should begin with the security conversation.

Michael Bateman: “Given the term ‘by design’, secure by design should be the first consideration. With respect to the other Adaptive Technology elements, I don’t think there’s a natural order of precedence. It depends on the specific circumstances within each organisation.”

IT Lab’s next blog on secure by design looks at what business leaders and technologists should consider before implementation, and the pitfalls to avoid.

Click here to explore our Adaptive Technology Model Hub and discover other rich resources.

Written by Christine Ellis