Security by Design a myth or truth?

In the last article we looked at how Design thinking can change the critical thinking process in cybersecurity. Security by Design is a new approach to cybersecurity that builds risk thinking in from the outset. Security by Design and Design thinking are tightly coupled, and together they enable innovation with confidence.

Most organizations today know they must embrace new technology and continually innovate to remain competitive and relevant. In the rush to modernize their systems and operations, they introduce multiple vulnerabilities across their business, and expose themselves to a growing number of risks. Meanwhile, there are always more would-be attackers ready to exploit these weak spots, with virtually unlimited access to a plethora of software and services just a click away.

There is a clear tendency to retrofit security tools around existing systems, simply ticking off items on compliance checklists, rather than building security into new products and services on the basis of prior business risk calculations. This checklist mentality is not only inefficient but also at the root of several issues hindering the role and effectiveness of cybersecurity. Firstly, CISOs and security teams are perceived as obstacles in businesses that must innovate quickly to survive. Secondly, this mentality has given rise to an extremely fragmented and complex security market made up of thousands of vendors competing for security spend. In this context it can be incredibly hard for organizations to maintain a clear, cohesive, and efficient security function.

As boards and C-suites begin to grasp the importance of the security function, they start to see the clear need for a new approach that enables them to pursue innovation with confidence while minimizing and managing the many risks. Cybersecurity teams believe it’s time for a new take on cybersecurity: a proactive, pragmatic, and strategic approach that considers risk and security from the onset of any new initiative and nurtures trust at every stage. This is Security by Design.

Rather than avoiding risk altogether, Security by Design is about enabling trust in systems, designs, and data so that organizations can take on more risk, lead transformational change and innovate with confidence.

But how to do that?

Security by Design is an approach to software and hardware development that seeks to minimize system vulnerabilities and reduce the attack surface by designing and building security into every phase of the SDLC. This includes incorporating security specifications in the design, continuous security evaluation at each phase, and adherence to best practices.

Specific to cybersecurity, Security by Design addresses cyber protection considerations throughout a system’s lifecycle. This includes designing security specifically for the identification, protection, detection, response, and recovery capabilities that strengthen the cyber resiliency of the system.

The values of Security by Design:

  • Early identification and mitigation of security vulnerabilities and misconfigurations of systems.
  • Identification of shared security services and tools to reduce cost, while improving security posture through proven methods and techniques.
  • Facilitation of informed key stakeholder decisions through comprehensive risk management in a timely manner.
  • Documentation of important security decisions throughout the lifecycle of the system, ensuring that security was fully considered during all phases.
  • Improved system operability, which would otherwise be hampered by securing each system in isolation.

Amit Ghodekar

Revanth Tadikonda

Cyber Security Presales Team Lead at Castellum Labs || Application Security || watchOUT || threatNiXD MDR

3 years

Thanks Amit Ghodekar for the view of the new approach to cybersecurity! From team Castellum Labs

Chandresh Yadav

Technical Account Manager at Tata Communications Limited

3 years

Love this

Chris Ancharski

Global Cybersecurity Community Builder and Startup Advisor

3 years

Excellent work Amit

Vivek Yadav

Cyber security analyst | ECSA certified | Web Application security | Android Security | API and Thick client security | IT Audit

3 years

Thank you for these wonderful thoughts

Komal Vora

CISO - Equifax Credit Information Pvt Ltd

3 years

Very useful
