Secure by Design – A proactive approach to protecting your organization
With digital transformation in the spotlight, and rightly so, it makes sense to adopt a cybersecurity mindset to thwart growing threats from cybercriminals. What follows naturally is a switch to a secure by design philosophy, as briefly introduced in my last article.
Put simply, secure by design implies embedding cybersecurity principles at every stage of the lifecycle. As a result, enterprises can quickly formulate ways to ward off these threats and reduce risk. However, it means security must gain top priority from day zero in any endeavor at the enterprise level and involve all employees and other stakeholders, not just the cybersecurity team.
While this sounds perfect at a conceptual level, how does it translate into everyday activities for an enterprise? It begins with instilling a cybersecurity mindset into every employee. While propagating a culture change is a topic for another article, this one dwells on what secure by design implies for enterprises daily.
First, with every action that an employee takes, these two simple questions must be posed and answered satisfactorily:
1. Is my enterprise secure? Typically, this is the cybersecurity team’s purview. This team plays a key role in securing the enterprise by devising appropriate policies, standards, processes and procedures. In addition, they track the effectiveness of execution by monitoring and reviewing the adherence of various teams to the SbD principles. They also implement and operate core cyber controls.
2. Am I doing it securely? Perhaps the most critical realization emerging from this question is that the enterprise cannot be secured by the cybersecurity team alone; security must be intertwined with the IT fabric and functions of the enterprise. Secure SDLC, DevSecOps, prioritized vulnerability remediation, zero-day patching, naming conventions for assets, access governance and secure cloud visibility are a few examples. Extending this beyond the conventional IT realm is another example, one that entails adopting a zero-trust architecture as data proliferates across multiple access points and devices. Clearly, this broadens the attack surface, and a security-first mindset is required to help protect businesses across the different tenets of cyber threats.
This shift in how security is integrated into the overall fabric of digitization sets the ball rolling for a secure by design approach across the organization. With secure by design, security is considered an integral part of the project lifecycle and not an afterthought.
Infosys CyberSecurity: https://www.infosys.com/services/cyber-security.html
#fortifycyber #cybersecurity #SbD
Strategic IT Leadership & Delivery | AI & Machine Learning Advocate | PMP® Certified | Enterprise Architect | P&C Insurance Solutions Expert | Duck Creek Technology Specialist | Prompt Engineering
2 years ago: Great article!
Senior Director - Client Services at Infosys
2 years ago: Fantastic Views Kumar
Leading Data Privacy and Protection Delivery Unit
2 years ago: Well said Kumar... SBD is one of the ways to move towards proactive security posture enhancement for any organization.
Founder & CEO of WeXL AI
2 years ago: Excellent way to protect the organization.