Security by Design

Architects of buildings have a set of rules and requirements to make sure their result is structurally safe and secure. It’s no different in the world of cyber security, with a set of criteria that need to be met and tasks that need to be done to be cyber safe. We call this security by design.

Matt White, CEO XaaS Ltd

In a bit more detail:

Security by design ensures the system architecture of your business is secure. It means making sure the hardware, software and data management needed to operate your business are designed to be as secure as possible, enforcing authentication, authorisation, confidentiality, data integrity, privacy, accountability, availability, safety and non-repudiation requirements, even when the system is under attack. Based around design and theory, it works in combination with environmental security (the practical application), using best practice principles and tactics to minimise potential exposure, thus reducing risk.

Here are 4 quick wins to start you on your cyber-health journey and improve your security by design:

Understand how and where your data is used

Define your security controls and apply them to projects, new systems, etc

Ensure assets such as laptops, servers and mobile phones are encrypted

Ensure important systems have appropriate redundancies

Understand how and where your data is used

Before you can meaningfully design a secure system, you need to understand how and where your business uses data. Factors such as how data is used, how often it is used, how it is shared and where it is stored all form part of the overall picture of how best to protect your company’s data.

Some simple steps you can take to understand your data are:

Define your security controls and apply them to projects, new systems, etc

Now that you know how and where your data is used, you can start to design the security controls to keep it safe. In some instances, especially with cloud services, a lot of security may already be applied, and knowing what data is important and how it will be used informs you of what controls may need to be applied. You can use our handy XaaS Security by Design checklist to help you if you don’t know where to start.

Some simple steps you can take to define your security controls are:

Ensure assets such as laptops, servers and mobile phones are encrypted

One of the most common ways that a business’s data is exposed is through the loss of laptops, mobile phones or removable media (USB sticks). We have all heard about government officials leaving laptops or important papers on trains, or thieves walking out of premises with computers and servers.

Some simple steps you can take to protect data held on portable devices are:

Ensure important systems have appropriate redundancies

Making sure you have access to important systems and data that allow your business to work means that you should think about building redundancy into your system design.

This can range from physical redundancy (making sure that important systems have backup power or dual power and network connectivity) to fully redundant systems that automatically fail over.

For a small office this can be as simple as having a backup 4G router to provide redundant internet access if broadband is lost.  For larger enterprises, this is more likely to be making sure you have designed systems that replicate, so that the data you need is always available.

Most cloud services provide redundancy as part of their service, but it is important to check that this is the case.

Some simple steps you can take to build in redundancy are: