Old methods of rushing software out of the door and then issuing hordes of patches and fixes just don’t work today. Instead, Security by Design (SbD), which is the process of creating applications that are secure from the start, has become the focus of attention.
Let’s look at a few of the ways IDM thought leaders are addressing SbD.
Informing and Training
Security by Design tries to make an application free of vulnerabilities through continuous testing, using best programming practices, and building in authentication safeguards at the front end, instead of tacking on patches and code as a security afterthought.
Leaders in the IDM field realize the hit-and-miss process of fixing vulnerabilities after the fact needs to be changed.
- Amazon Promotes SbD – Amazon, through AWS, is one of the largest cloud providers in the industry, and it strongly encourages its clients to implement SbD. It has published a four-step approach that can be used as a template for building an AWS infrastructure using SbD.
- United States Federal Trade Commission (FTC) Chairwoman Edith Ramirez Speaks in Favor of SbD – As an IDM professional, you may already be feeling how the Internet of Things (IoT) affects an enterprise. Edith Ramirez spoke of the challenges at the CES in 2015. She stressed that although IoT has the potential for tremendous impact and benefit, the privacy and security implications are enormous. She took the opportunity to advocate SbD as the way vendors should proceed with IoT applications.
- IAM Conferences Tout SbD – Many of the IAM and security conferences have begun making SbD a major part of their presentations. The 2015 Identify Conference hosted by Ping Identity had an entire session on SbD entitled “Security by Design: How Customer Identity Solutions Can Help You Win the Customer Experience.” The RSA Conference in San Francisco, held in February of 2016, had a panel and a presentation concerning SbD. In early April of 2016, InfoSec World, one of the most respected and recognized information security conferences in the industry, dealt with SbD in multiple workshops and keynote addresses.
- U.S. Government Adopting SbD – Tony Scott, the Chief Information Officer of the United States, believes IT needs to take new approaches to security, and he has spoken about the need to use SbD to make security part of core design principles.
- Tool Developed to Aid SbD Efforts – The FTC, in collaboration with other government agencies, has created a web-based interactive tool to help health application developers understand how federal laws might affect their apps. A companion best practices guide highlighting SbD was issued at the same time. The guide was mainly taken from the FTC document for businesses, “Start with Security.”
Security by Design is More Than a Buzzword
It is clear that the trendsetters in IDM are looking to Security by Design as a critical component in combating future threats. If you have not done so already, you need to look to your applications and vendors with an eye to building security from the start, instead of playing catch-up with cyber criminals.