What is ‘security by design’?

What is ‘security by design’?

In software engineering terms “secure by design’” means that the software has been both designed to be secure from the ground up and built in such a way as to minimize flaws that could compromise security. This concept is also referred to as “security by design”, “secured by design” and “build in security”, among others, and refers to thinking about security at the start of the project.

Security by design is of great importance for software and hardware development projects because as a system develops, it becomes harder to add security. Furthermore, addressing existing vulnerabilities and patching security holes as they are found can be a difficult process and will never be as effective as designing systems to be as secure as possible from the start. This concept can be approached through measures such as continuous testing, authentication safeguards and adherence to best programming practices.

The security by design practice is becoming crucial in the rapidly evolving world of the Internet of Things. For example, it has become an essential practice for securing the connected car from the very beginning of the manufacturing process. One of the major challenges for IoT security is the fact that security has not traditionally been considered in product design and manufacturing for connected appliances and objects. Therefore, as the IoT continues its massive expansion and more connected devices proliferate in the Industrial Internet of Things, it is important there is a system ensuring that tighter security is put in place.

It’s great to see that governments are not only recognizing the importance of “security by design” for protecting connected devices, but also taking actions for imposing this as a practice. For example, this month the UK Government published a policy paper, which contains a draft code of practice for strong security to be built into consumer IoT products by design. What is more, in September 2017 US lawmakers proposed a new legislation that seeks to address vulnerabilities in IoT devices.

Do you have any questions about the concept of “security by design”? Let us know in the comments below or by tweeting to us @JustAskGemalto.