Unpacking secure by design
Over the past few years we’ve seen organizations forced to take their security more seriously, moving from something of a grudge purchase to one of the key discussion points at the start of any project.
As a company, this approach is something that we’ve always embraced. The idea of ‘secure by design’ is a manifestation of our core belief that we shouldn’t even start before we’ve considered the security implications of the solution.
What we’ve seen in the past 12 months is that this idea has become a fundamental issue in all technology decision-making processes. With an understanding that it’s much harder to implement security once technology is up and running, our clients are asking ‘how is this going to be secured?’ before they make any decisions.
Aligning security and business
This means that today, more than ever, there’s a close alignment between security teams and business objectives.
To help our clients achieve this, we’ve created a set of reference architectures that provide a starting point for our interactions with our clients. Every IT environment is different, but by leveraging this strategy we’re able to work from a core design that is proven and then adapt that to meet the specific needs of the client.
This means that our interactions with our clients now start as a consulting engagement as opposed to being product focused. We’re asking our clients ‘What outcomes are you looking to achieve?’ and ‘What’s an acceptable level of risk for your environment?’ before we start. This allows us to align the security solution very closely to the business outcome, something that would’ve been a pipe dream a few years ago.
Approaching all technology with a secure by design approach means that security has stopped being done once and then forgotten about. Just as applications are constantly evolving, so the security also constantly evolves, adapting not just to the threat landscape but also to the needs of the organization. If an organization needs to cater for remote access to a greater degree, the focus of the security component would need to shift at the same time.
Taking the pressure off internal teams
This constant evolution puts pressure on IT teams, and as a result we’re seeing increased demand for our managed security services to support and manage the security requirements of our clients. It’s not just finding the right level of expertise that organizations battle with, it’s the requirement for continued vigilance across their entire IT environment. Security today is more about taking the information that you gather and using it to create actionable insights and doing this in real time. This isn’t something most organizations can do, and they need partners to provide them with this capability.
It’s at this point that the concept of secure by design really comes to life. It’s not simply about delivering a service, but rather creating a relationship between the two organizations. When we speak to a client it’s not just a once off; we engage with all aspects of the company, from making sure that the right discussions are happening around the boardroom table, all the way to development teams and end-users who need to be educated around the risks that exist out there and how to identify them.
By building these relationships and leveraging our strength as a global security organization we’re able to constantly innovate and find new ways to ensure that our clients stay ahead of the evolving threat landscape.
Chief Executive Officer at Active Cypher
4 years ago
Matt and Tony Jarvis both hit the points and then the work begins. You can design but the ease of deployment, reduction of human interaction in the process and getting the politics away from the facts. Very often a design is not totally aligned to the business (revenue) but in response to a cost center within a cost center. Stay true to the goals...
Co-Founder & Global CEO of SecurityGen, a Telecom Cybersecurity Company
4 years ago
Nice article - we agree 100% Matt
CISO advisor | Cybersecurity strategy | Cloud and Zero Trust | Keynote speaker
4 years ago
I think there are two ways to look at security by design - doing it because you know you should, and doing it because you are compelled to. For the latter, mandatory disclosure laws, regulations governing privacy of data and cybersecurity labels for consumer devices have moved things forward. Open dialogue is helping with recognising the need and voluntary adoption of security by design principles which is fantastic to see.