Steps and challenges in Security by Design
27 May, 2021 6 min read
Security by design - is it really possible?
Security by design is no longer a mythical concept, but rather it’s one that today’s businesses very much need. It’s intention is to help ensure that networks, systems, technologies and products are all designed and built securely, in the first place. This approach gives businesses the assurance that once they are deployed and in use, they don’t have to worry where data is being stored, or when it is being moved or used by an application. When using a security by design approach, all data is protected in-use, in-storage and in-transit.
The UK’s National Cyber Security Centre (NCSC) also advocates for security by design and has published five principles to follow for the design of cyber secure systems:
The UK’s National Cyber Security Centre (NCSC) also advocates for security by design and has published five principles to follow for the design of cyber secure systems:
Security by design, step 1: Establish the context before designing a system
Before you can create a secure system design, you need to have a good understanding of the fundamentals and take action to address any identified short-comings.
Security by design, step 2: Make compromise difficult
Designing with security in mind means applying concepts and using techniques which make it harder for attackers to compromise your data or systems.
Security by design, step 3: Make disruption difficult
When high-value or critical services rely on technology for delivery, it becomes essential that the technology is always available. In these cases, the acceptable percentage of ‘down time’ can be effectively zero.
Security by design, step 4: Make compromise detection easier
Even if you take all available precautions, there’s still a chance your system will be compromised by a new or unknown attack. To give yourself the best chance of spotting these attacks, you should be well positioned to detect compromise.
Security by design, step 5: Reduce the impact of compromise
This is achieved by designing in a way that naturally minimises the severity of any compromise.
The challenges of security by design
First of all, security by design is great if you're building a brand new, stand-alone infrastructure from scratch, or if you're developing your own software application. But virtually every system, network or application is connected to something else, either via an API or the internet. So, while your system may be secure, there is no guarantee that the connected systems have been designed with the same rigour and attention to detail. Secure data silos are fine when data is inside, but real life means that data gets exported, and when that happens, it’s no longer protected.
Furthermore, the appetite and budgets for a rip and replace approach to IT are not what they used to be. This means there will be existing infrastructure components that will not be removed or software that cannot be retro-fitted with additional security.
In competitive markets, where time-to-market can be the difference between success and failure, spending time on designing and testing robust cyber security also tends to be seen as an unnecessary barrier, even when the expertise is available. However, this drive to innovate and bring new systems online quickly can easily lead to security vulnerabilities. We only have to look at the number of early IoT products that have been successfully hacked by security researchers and cyber criminals to realise the risks.
Furthermore, the appetite and budgets for a rip and replace approach to IT are not what they used to be. This means there will be existing infrastructure components that will not be removed or software that cannot be retro-fitted with additional security.
In competitive markets, where time-to-market can be the difference between success and failure, spending time on designing and testing robust cyber security also tends to be seen as an unnecessary barrier, even when the expertise is available. However, this drive to innovate and bring new systems online quickly can easily lead to security vulnerabilities. We only have to look at the number of early IoT products that have been successfully hacked by security researchers and cyber criminals to realise the risks.
To achieve security by design, we need to focus on the data itself
A fundamental assumption on which the traditional approach to security is based is that you want to keep the attackers out. It makes sense, but the truth is, it’s simply impossible. If it were possible we would not see daily headlines about successful cyberattacks.
So, if we can’t keep the cyber criminals from gaining access to our networks and systems, there needs to be another way of protecting data. IT Security must rethink its traditional 'castle and moat' methods of protection and prioritise a 'data centric' approach where security is built into data itself. Data security by design, you could say.
At SecureAge, we believe the only way to achieve security by design is to protect data wherever it exists: in-transit, in-use and in-storage. The difference is as follows:
- Data in-transit is digitised information traversing a network, such as when sending an email, accessing data from remote servers, uploading or downloading files to and from the cloud, or communicating via SMS or chat.
- Data in-use is information actively being accessed, processed or loaded into dynamic memory, such as active databases, or files being read, edited or discarded.
- Data in-storage is data that is stored in a digital form on a physical device, like a hard disk or USB drive.
By securing data in all of these three states it ensures that if it is stolen at any point, it remains protected and therefore useless to the thief - even if extracted by an ‘inside’ member of staff. That’s what our solution, the SecureAge Security Suite offers. It provides transparent, 100% file encryption because all data will be protected no matter wherever it gets saved or copied. This happens because security is part of the file rather than a feature of its storage location. It helps IT security experts as they no longer need to spend hours tweaking data classification rules, so that ‘important’ data gets more strongly protected - ALL data is important!
So, if we can’t keep the cyber criminals from gaining access to our networks and systems, there needs to be another way of protecting data. IT Security must rethink its traditional 'castle and moat' methods of protection and prioritise a 'data centric' approach where security is built into data itself. Data security by design, you could say.
At SecureAge, we believe the only way to achieve security by design is to protect data wherever it exists: in-transit, in-use and in-storage. The difference is as follows:
- Data in-transit is digitised information traversing a network, such as when sending an email, accessing data from remote servers, uploading or downloading files to and from the cloud, or communicating via SMS or chat.
- Data in-use is information actively being accessed, processed or loaded into dynamic memory, such as active databases, or files being read, edited or discarded.
- Data in-storage is data that is stored in a digital form on a physical device, like a hard disk or USB drive.
By securing data in all of these three states it ensures that if it is stolen at any point, it remains protected and therefore useless to the thief - even if extracted by an ‘inside’ member of staff. That’s what our solution, the SecureAge Security Suite offers. It provides transparent, 100% file encryption because all data will be protected no matter wherever it gets saved or copied. This happens because security is part of the file rather than a feature of its storage location. It helps IT security experts as they no longer need to spend hours tweaking data classification rules, so that ‘important’ data gets more strongly protected - ALL data is important!
Security by design made simple with the SecureAge Security Suite
Historically, there has been a trade-off between security and ease of use. For example, full disk encryption is easy to deploy, but security is compromised because a running system seamlessly decrypts any data for any process – legitimate or not. But SecureAge’s encryption technology, the SecureAge Security Suite, has the processing power to deliver full data protection that is transparent to the end user.
Through time-tested technology and design, the SecureAge Security Suite achieves Data protection with a careful balance of the known in proactive Data security and real-world usability and the unknown in application binding. Our approach ensures that there aren’t any trade-offs among these three equally important elements.
Rather than trying to account for the human element, or to change it, the SecureAge Security Suite removes the human element completely. We don’t try to force everyone to become a cybersecurity expert and we allow people to work as they normally do, without sacrificing security.
The SecureAge Security Suite offers a complete and timely solution for everyday enterprise security needs. This software will give you the confidence to race to launch new initiatives, speak to new audiences, and differentiate yourself through innovation, while knowing ALL of your Data is safe.
Through time-tested technology and design, the SecureAge Security Suite achieves Data protection with a careful balance of the known in proactive Data security and real-world usability and the unknown in application binding. Our approach ensures that there aren’t any trade-offs among these three equally important elements.
Rather than trying to account for the human element, or to change it, the SecureAge Security Suite removes the human element completely. We don’t try to force everyone to become a cybersecurity expert and we allow people to work as they normally do, without sacrificing security.
The SecureAge Security Suite offers a complete and timely solution for everyday enterprise security needs. This software will give you the confidence to race to launch new initiatives, speak to new audiences, and differentiate yourself through innovation, while knowing ALL of your Data is safe.