Security is a consideration that should be top-of-mind in any new tech product. As technology advances, so too do the ways in which hackers can utilize applications and data storage to get past security systems. The latest best practices in security should never be an afterthought when it comes to launching new tech.
Below, 12 experts from Forbes Technology Council explain their best pieces of security advice for technology leaders working to build security into their products from the beginning.
- Consider the Three ‘As’ Of Security
Sticking to the basics will be my advice for fellow security leaders. Three “As” that define the basics of security are awareness, agility and advanced technology, in the same order as written. Often, organizations focus on advanced technology controls, but the best security return on investment is realized when we prioritize security awareness programs and embrace execution agility by eliminating the red tape. – Parthasarathi Chakraborty, Guardian Life
- Test Often, Early And Fast
Don’t wait until your product is well into the development process to test for security flaws. Run security scans in the daily build and treat issues as critical bugs. Also, make sure you subscribe to new releases of any part of your technology stack—security patches are released often and should be incorporated as soon as possible to reduce technical debt. – Bruno Guicardi, CI&T
- Allow For Security Updates
Bake in mechanisms that allow for updates to security capabilities as threats evolve. IoT (Internet of Things) is the perfect example of what not to do. The vast majority of IoT products aren’t secure and don’t allow for consumer-friendly firmware updates or downloads. In product builds, a little foresight goes a long way. – Adam Stern, Infinitely Virtual
- Include Security in the Build Process
You have to incorporate security standards into the design and build process. Think about building a home. If you decide to install smoke detectors once the house is fully built, painted and furnished, it will be expensive, and you may miss areas that need them. Think about where the data is going, who accesses it, and how the permission and authentication work during the build. – John J. Higginson, Enova
- Start with Data
The most important thing to note with security is around data management: How is data collected, how is it stored, how is it transferred and who has access to it? Understanding where your private user information lives will enable your team to better manage risk and prevent a breach from happening. – Marc Fischer, Dogtown Media LLC
- Use IoT Security Services
With IoT, you need to analyze where each individual component comes from. Even if everything on your end is scrutinized and secure, components come from different manufacturers who may not share your safety ideals. The same goes for your encryption protocol. Hackers can access your data as you’re sending it, so utilizing IoT security services like AWS Device Defender might be a good idea. – Artem Petrov, Reinvently
- Hack Yourself Before the Bad Guys Do
The bad guys are out there, but there are “ethical hackers” you can employ to find vulnerabilities. Use a security firm to run annual penetration tests on your infrastructure. Pay bug bounties (usually $500) to “white hat hackers” who find security exploits. And run phishing emails on your employees to see who takes the bait. Humans can be your weakest link, and “live fire” exercises do work! – Vinay Pai, Bill.com
- Build a Fortress
When building security into a product—especially one that connects to the internet—assume everyone is out to “pwn” (hack) that product. Beyond designing defensively, it may also be necessary to lock down and verify all remote access, keep detailed access logs during testing and even proactively block access to bad actors. Achieving this in a friendly, easy-to-use consumer product is the challenge. – Chris Kirby, Retired
- Be Cognizant Of History
So many technologists have such wonderful skills and creativity that they sometimes become “intechicated,” neglecting the greatest risk—physical security. Phishing, illegal access, copying, data manipulation, malware, and on and on all stem from poor physical security. If you can limit access and make it step one of your everyday cyber DNA, you will have a sound foundation for your technology. – Wayne Lonstein, VFT Solutions, Inc.
- Guard against Scale
Consider how security may be impacted by product growth: number of users, amount of data stored, geographic distribution, operations per second, etc. Security risks are always present; design your product to ensure that those risks do not become unacceptable when elements of the product or its use grow by orders of magnitude beyond expectations. – Seth Noble, Data Expedition, Inc.
- Minimize Your Attack Surface
Think like the adversary. There will inevitably be security bugs in any piece of moderately complex software, so think about how you can minimize the amount of your software that will be accessible directly or indirectly by an unauthenticated user. And implement a strong identity with multifactor dynamic authentication from day one. – Gaurav Banga, Balbix
- Build Trust between Security and Development Teams
IT leaders must start by establishing trust between security and development teams. Evangelize early and often and create win-win situations by finding someone on the team who’s doing it right. Celebrate what’s working, and use them as an example of where the team should be going. Help teams understand that the product will impact a customer’s life, rather than the organization. – Robert Reeves, Datical
Source: All of the above opinions are personal perspectives, based on information provided by Forbes and the contributor Expert Panel, Forbes Technology Council.