Cybersecurity Needs to Be Part of Your Product’s Design from the Start

Traditional approaches to cybersecurity are largely at arms-length from innovation. Instead of incorporating security intrinsically into new products, services, and business activities, the conventional approach is to reactively apply cybersecurity controls in compliance with corporate security policies and standards. Under pressure to “move fast and break things,” it is understandable why development teams at times omit security altogether in initial product releases. The problem with this approach is that deploying cyber controls without understanding, in detail, how a particular business activity works will invariably leave it unprotected while simultaneously interfering with its efficient operation. Cybersecurity must expand beyond its traditional responsibilities of safeguarding company computers to become an integral part of mainstream business innovation, sharing responsibility for the protection, and creation, of business value. The first step is to incorporate cybersecurity into the initial design of products, services, and other technology-driven projects.