Embracing ‘Security by Design’: Building a More Secure Framework
Research is showing how critical cybersecurity has become to organizations. It's a quickly growing C-suite business concern, and companies are investing more than ever to fight cyberthreats.
A new survey of global IT professionals, which we will be unveiling in the coming weeks, underscores once again how critical cybersecurity has become to organizations. Not only was it identified as a leading C-suite business concern above all other issues, but it’s also clear that companies are investing more than ever in programs aimed at fighting cyberthreats.
It’s easy to understand why. The array of attack vectors we face these days is multifaceted and ever-growing. Today, it’s possible to buy hacking software for as little as $5 and cause havoc from anywhere in the world. Open redirect, in the headlines recently, is just the latest in a series of increasingly devious schemes that have security teams scrambling.
According to the latest version of the Cisco/Cybersecurity Ventures "2022 Cybersecurity Almanac," the cost of cybercrime is predicted to hit $10.5 trillion by 2025. Organizations have come to understand that increased investment is not just advisable, but downright mandatory for the survival of the business. More than ever, a comprehensive security strategy is a critical component of the success of any enterprise. But it’s not just about money – it’s also about people.
Security at Every Keystroke
Alongside this intense focus on cybersecurity and increased investment in countermeasures, another critical organizational shift has taken place. Once an isolated, siloed group within many IT organizations, security professionals are now, by necessity, at the very core of product development, working seamlessly alongside others on integrated DevOps teams.
Back when four walls existed within organizations, security teams could run developers through a series of tests to ensure a baseline level of security: Did you follow the patterns? Did you use all of our secure database connections? But with the gradual demise of data centers and the erasing of network boundaries, most applications today are a combination of original code and other services. Moreover, with users spread across the globe, whether they're employees or not, we have a recipe for far too many points of entry for bad guys. The bottom line is that additional complexity in how organizations deploy their IT infrastructure has created additional layers of vulnerability.
These new vulnerabilities have brought about a host of new questions that companies have been forced to address, such as: How is security going to impact the design and architecture? How are our developers following patterns to ensure security? How are we monitoring for potential flaws in the cloud or with third-party services?
Realizing that security could not simply be bolted on as an afterthought, most organizations have replaced a “security by stage” mindset with a “security by design” mindset. Once considered potential bearers of bad news, security professionals today are seen by their peers less as adversaries and more as key allies, helping ensure that quality and resiliency get delivered at pace, without costly missteps. Whereas checking the security box used to be executed incrementally as organizations went through different “phase gates” of the application development process, now it's part of every keystroke.
Cloud Security, Out of the Box
Happily, there are also a number of great out-of-the-box tools that security professionals can use to make their lives, and the lives of their teams, easier. Companies such as our partner Oak 9 give organizations the ability to automate cloud-native security across DevOps processes, from design to production. By integrating security before apps go live in the cloud environment, companies can remediate security and address compliance gaps in real time, without the added cost or human resources necessary to create solutions from scratch.
As companies continue their cloud transformations, security will continue to loom as a key concern as the bad guys aren’t giving up. But by thinking about security at every step of the process, continuing to break down silos, and determining how third-party vendors and ready-made solutions can help ease the transition, app development teams can make their lives far easier.
About the Authors
Chief Technical Evangelist
Jeff has 25 years of experience in IT and technology, and has worked at Rackspace Technology for over 10 years. Jeff is a proven strategic leader who has helped companies like American Express, Ralph Lauren, and Thomson Reuters create and execute against multi-year digital transformation strategies. During his time at Rackspace Technology, Jeff has launched and managed many of the products and services that Rackspace Technology offers, as well as supporting merger and acquisition activities to enhance those offerings. Jeff is the father of two young men and husband of 27 years to his wife, Michelle. When not at Rackspace Technology or around San Antonio, you can find Jeff doing land restoration on his ranch in the Texas hill country. Read more about Jeff DeVerter