Security by Design
9th November 2020
The term essentially refers to a method of security whereby your business software has been designed with built in, robust security features from the ground up. This approach enables you to be proactive rather than reactive, in order to minimise the likelihood of a compromised security system. Through designing your business processes with security built-in from the offset, your organisation can have the confidence to drive transformative change and business growth, safe in the knowledge that your business infrastructure has been designed to not just mitigate the damage of breaches, but to prevent them in the first place.
EY Global Information Security Survey 2020 revealed that 65% of organisations only consider cyber-security once it’s too late. This statistic is worrying – particularly when considering that the regularity and complexity of cyber-crime is only increasing with the rising trend of remote working. Keeping your network and data secure should be of principle importance to all businesses – if your systems become compromised this can result in costly consequences, not to mention a damaged reputation.
For this reason, Security by Design is becoming increasingly utilised, as the security-first approach creates an infrastructure that is not only resilient to breaches, but also systems that are easier to manage and monitor.
Firstly, establish secure defaults – the technical policies and configurations should follow government and Microsoft Cyber Security best practices to ensure minimal security risk to your business. For example, implementing Multi-Factor Authorisation (MFA) or least-privileged access.
Secondly – leverage Software as a Service (SaaS) where possible for your security-first infrastructure. This will reduce risk of ownership and ongoing management overheads whilst empowering your business to harness the resilience and power of cloud-computing.
Building a Security by Design infrastructure should additionally ensure that it is deployed and configured in line with Cyber Essentials Plus and NCSC guidelines, along with any other specific compliance requirements needed for your organisation.
Finally, the deployed systems should be configured so that they are not only designed with security-first, but that they are easily scalable and able to securely flex and adapt as your business changes or grows.
One aspect of the Security by Design approach that some businesses can find challenging however, is striking the right balance between security and usability. Whilst secure systems should be a priority for business leaders, user experience cannot be overlooked. One way to combat this challenge is for your Managed Service Provider (MSP) to keep the IT Service team and the Security Operations team separate. By doing this, there is a healthy balance between the requirements of the team whose job it is to facilitate the users and make their jobs easier, and the team whose task is to protect the network and close down the potential vulnerabilities.
At Stripe OLT, Security by Design is at the heart of our offering. We have a separate, dedicated team of cyber-security experts, who can provide a host of services ranging from Penetration Testing and Vulnerability Assessments, to Threat Intelligence and Incident Response. In addition, all major projects are passed to the Security Operations team for review as part of the design phase, to ensure a Security by Design approach is implemented.
Our experience lies in a wide range of sectors – from finance and legal, where security is of paramount importance, to the entertainment and leisure industry, where flexibility is the order of the day. As a result, our team of experts can bring a wealth of knowledge and experience to the decisions that you make around collaboration and security – to help you find the right balance between security and usability for your business.
If you would like more information on securing your organisation, get in touch with one of our team here.