Vendors prioritizing security from the outset when deploying software
In the rapidly evolving digital landscape, the importance of security by design in software development has never been more crucial. This proactive approach to risk management is gaining traction as a critical best practice, not just for tech giants, but for businesses and governments worldwide.
Security by design involves integrating security controls from the outset, much like conventional engineering practices such as Failure Mode Analysis. By identifying and mitigating risks early in the development lifecycle, it ensures that security requirements become an integral part of the system design rather than an afterthought.
This approach offers multiple benefits. For instance, defining and embedding security requirements before design and implementation significantly reduces the need for costly and wasteful rework later in the process. It also maintains the product's usability, balancing security with functionality, and minimises vulnerabilities and cyber risks.
Moreover, security by design aligns with emerging global standards endorsed by agencies like CISA, NSA, and FBI. These standards advocate that manufacturers must deliver safe and secure technology by default. Specific approaches like adopting memory-safe programming languages help eliminate a major class of vulnerabilities, significantly enhancing software security at the source code and runtime levels.
Modern software, with its benefits of faster innovation, improved scalability, and greater efficiency, also concentrates risk, as fewer providers serve more critical functions. Security by design empowers organisations to make better-informed decisions when selecting vendors.
The call for action against a reported $537 billion in global "fraudemic" underscores the need for improved software security. Santander, a global bank, understands the potential impact of a single vulnerability on thousands of transactions or sensitive data. As such, it has moved beyond managing risk to actively championing higher standards across the industry.
Santander is an ambassador for the UK Government's Software Security Code of Practice, reflecting its commitment to collective resilience in the digital economy. The Code of Practice emphasises the need for improved software security and resilience due to interconnected digital infrastructure.
In addition to its commitment to security, Santander offers training on digital security at its Work Café branches. This training aims to equip individuals with the knowledge needed to protect their personal information when a phone is lost or stolen, spot forms of phishing, and follow password security best practices.
As technology continues to permeate every aspect of our lives, it is essential that we prioritise security by design. By doing so, we can build safer, more resilient software systems that protect our personal information, businesses, and critical infrastructure.
References: [1] NIST Special Publication 800-21, "Engineering Principles for Information Technology Security" [2] OWASP Top Ten Project, "Security by Design" [3] CERT Guide to Secure Coding, "Memory Safety" [4] Google Project Zero, "Memory Safety"
Cybersecurity awareness is critical, especially in the financial sector, as it can significantly reduce vulnerabilities and cyber risks, safeguarding sensitive data like that used in thousands of transactions by Santander, a global bank. Adopting a security by design approach, endorsed by agencies like CISA, NSA, and FBI, helps eliminate major classes of vulnerabilities and ensures that security is an integral part of system design, promoting resilience in the digital economy.
