IT Jargon Explained

What is Secure by Design?

In the world of cybersecurity, "Secure by Design" has emerged as an essential philosophy for ensuring robust security is a key focus of every stage of software development. Products implement security as a foundational element, not as an afterthought, with security strategies and best practices integrated and tested at every step to ensure systems minimize vulnerabilities and resist attack.

What it means to be Secure by Design

Secure by Design goes well beyond previously proposed industry standards, with one clear intent: to protect customers and the public by minimizing exploitable flaws before products reach the market. Companies adopting these principles focus on testing, authentication safeguards and adherence to best programming practices, creating robust and resilient software and hardware solutions. 

Industry leaders, led by organizations that have signed the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design pledge, are prioritizing Secure by Design principles to make cybersecurity more proactive and effective, resulting in more secure infrastructure and applications. This not only meets regulatory requirements but also builds trust with users – fostering a safer digital environment for all. 

Related: The Secure-by-Design Pledge: A Commitment to Creating a Safer Digital Future

Various industry bodies and government agencies have published guidelines and best practices that promote secure software development methodologies. These often emphasize principles that align with Secure by Design concepts.  

The most relevant recent example is the April 2023 publication by the National Institute of Standards and Technology (NIST) and other U.S. agencies of a Joint Guidance Document titled "Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software" that spotlighted the growing importance of Secure by Design principles in software development.  

While Secure by Design is voluntary for most U.S. enterprises, federal contractors or companies in other nations are often mandated to comply with cybersecurity guidelines, ensuring products support critical infrastructure security. Such regulations and guidance also facilitate coordinated efforts among international partners to create a safer global cyber environment. 

The Secure by Design Pledge

The pledge is a voluntary commitment launched by CISA that focuses on encouraging software manufacturers to stress security throughout the whole development lifecycle of their software products and services. Its key aspects include: 

Target audience

The pledge targets companies creating enterprise software, including on-premises, cloud services and SaaS offerings. While not directly mentioned, companies making physical products, like IoT devices, are also encouraged to show their commitment to secure design principles. 

Focus on measurable actions 

The pledge encourages signatories to commit to specific, measurable actions aligned with secure by design principles, to be implemented within one year of signing. 

Core goals 

The pledge outlines seven core areas in which software manufacturers can show their commitment to Secure by Design: 

  • Increasing their use of Multi-Factor Authentication (MFA) across their products. 
  • Reducing reliance on default passwords and promoting strong password management practices. 
  • Implementing strategies to minimize entire classes of vulnerabilities within their software. 
  • Encouraging timely installation of security patches by customers. 
  • Establishing a clear and comprehensive vulnerability disclosure policy. 
  • Providing detailed information about identified vulnerabilities (CVEs) to facilitate remediation. 
  • Implementing mechanisms to detect and respond to potential security incidents within their software. 

Transparency and progress reporting   

Signatories are expected to share their progress on the goals publicly, enhancing industry transparency and accountability.  

Principles of Secure by Design 

The Secure by Design principles are intended to give clear guidance to software providers who want to enhance security. 

Least privilege 

This principle ensures users and systems have only the access needed for their roles, which limits damage from threats or errors by reducing the attack surface and minimizing unauthorized data access risks. Implementing this involves strict access control and regular updates based on roles, enhancing security against cyber threats. 

Separation of duties 

Responsibilities are distributed across multiple parties or systems, reducing the likelihood of fraud, errors and misuse of privileges by preventing a single entity from controlling a crucial process.  

In a secure development lifecycle, roles such as development, testing and deployment are divided among different teams, ensuring no single individual can alter the system undetected. Plus, automated safeguards are included to maintain this principle. 

Defense in depth 

This approach uses several layers of security to safeguard assets, acknowledging that no single defense is entirely fail-safe. It incorporates diverse safeguards like firewalls, intrusion detection systems and periodic security audits across hardware, software and procedures.  

By addressing varied threat types and adding multiple hurdles for intruders, this method significantly lowers vulnerabilities and strengthens the security framework of organizations. 

Benefits of participating in Secure by Design 

There are advantages for software providers who decide to participate in the Secure by Design Pledge: 

  • Demonstrates commitment to security: Signing the pledge publicly signals a company's dedication to secure software development practices. This can enhance brand reputation and build trust with potential customers. 
  • A focus on measurable security: The pledge encourages a results-oriented approach to security, driving concrete actions that demonstrably improve the security posture of software products. 
  • Collaboration and knowledge sharing: The pledge can foster collaboration and knowledge sharing among industry players, leading to a collective improvement in secure software development practices. 

Customers and users also benefit. When a software provider delivers solutions and platforms that follow Secure by Design principles, the benefits that matter most are the ones the customer experiences: 

  • Improved protection: Incorporating security features into software from the outset makes it stronger and less vulnerable, which also enhances the security of the network it runs on. 
  • Enhanced digital employee experience (DEX): Greater emphasis on security and testing during development can lead to a more optimized, stable and disruption-proof product, enhancing employee experience. 
  • Better ROI: A more secure product can reduce downtime and the need for patching, allowing users to remain productive. 
  • Streamlined compliance: Adhering to strict data privacy and security regulations is simpler with Secure by Design software, reducing the time and resources required for compliance checks and avoiding penalties. 
  • Enhanced reputation: Companies that prioritize security are considered more trustworthy, enhancing customer confidence and loyalty. 

Implementing Secure by Design in software products

Developing software with security incorporated from the start represents a fundamental change in how software is created. Software has historically been designed with "bolt-on security," added after products are developed.  

But this means that security is not an integral part of the solution. Wherever there’s a connection between the core product and an add-on, it’s a possible point of vulnerability for attackers. 

Secure by Design emphasizes that security measures are top of mind during the entire Software Development Lifecycle (SDLC).  

Integrating Secure by Design principles throughout the entire process, rather than delaying until after the code is written, ensures that security is a priority from the planning and design stages. This approach entails identifying potential threats early on and weaving defenses directly into the software's architecture.

Secure coding practices are essential for developing software that pre-emptively addresses security vulnerabilities. Adhering to guidelines like those from the Open Worldwide Application Security Project (OWASP) and performing code reviews and static analysis helps catch security issues early. Key practices include input validation, avoiding hard-coded secrets and opting for secure libraries. Utilizing tools for continuous vulnerability scanning and threat modeling further ensures software security against cyber threats. 

Thorough security testing at every stage of development ensures that vulnerabilities are discovered and resolved early – before they turn into problems for the end user. This prevents the expenses and complexities associated with addressing these issues later in the SDLC or, more problematically, after the product's release. 

A provider should perform SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) against its code base, as well as conduct unit testing and integration testing throughout the SDLC, rather than delaying threat modeling or testing until the end of the process.  

Key features that should be baked into software so it follows Secure by Design principles include: 

  • Authentication and authorization. Authentication should use a combination of something known (password), owned (smartphone) or inherent (biometric). Authorization, through role-based access control (RBAC) and policy-based access control (PBAC), ensures users only get the access they need, reducing risk. 
  • Encryption and data protection. Encryption safeguards sensitive data at rest and in transit using algorithms like AES (Advanced Encryption Standard) and RSA (named for MIT scientists Rivest, Shamir and Adleman). Proper encryption entails secure key management, with keys stored separately from the data and the use of hardware security modules (HSMs). Regular protocol updates and audits boost security. 
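The authorization feature above, combined with the least-privilege, MFA and just-in-time access ideas discussed on this page, can be made concrete with a small deny-by-default check. This is an added illustration, not code from the page or from any vendor; the roles, permissions and the "MFA required" policy are constructed sample values.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Set

# Constructed sample RBAC table: role -> permissions it carries.
# Anything not listed is refused, which is how least privilege is enforced.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "viewer": {"report:read"},
    "analyst": {"report:read", "report:export"},
    "admin": {"report:read", "report:export", "user:manage"},
}

# Constructed PBAC rule: sensitive permissions also require a verified MFA step.
MFA_REQUIRED: Set[str] = {"report:export", "user:manage"}

MAX_JIT_MINUTES = 60  # upper bound on any just-in-time grant


@dataclass
class Session:
    user: str
    roles: Set[str]
    mfa_verified: bool = False
    # Just-in-time grants: permission -> UTC expiry time
    jit_grants: Dict[str, datetime] = field(default_factory=dict)


def grant_jit(session: Session, permission: str, minutes: int,
              now: Optional[datetime] = None) -> datetime:
    """Add a time-boxed grant, capped at MAX_JIT_MINUTES, and return its expiry."""
    now = now or datetime.now(timezone.utc)
    expiry = now + timedelta(minutes=min(minutes, MAX_JIT_MINUTES))
    session.jit_grants[permission] = expiry
    return expiry


def is_authorized(session: Session, permission: str,
                  now: Optional[datetime] = None) -> bool:
    """Deny by default: allow only if a role or an unexpired JIT grant carries
    the permission AND every applicable policy condition (here, MFA) holds."""
    now = now or datetime.now(timezone.utc)
    allowed = any(permission in ROLE_PERMISSIONS.get(r, set()) for r in session.roles)
    expiry = session.jit_grants.get(permission)
    if expiry is not None and now < expiry:
        allowed = True  # still inside the JIT window
    if not allowed:
        return False
    if permission in MFA_REQUIRED and not session.mfa_verified:
        return False  # policy condition not met, even though the role allows it
    return True
```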

Challenges of Secure by Design

There are challenges involved in making Secure by Design a reality that an organization should have a plan in place to address: 

  • Shifting development culture: Moving from a development process that focuses on features and functionality to one that integrates security from the start requires a significant cultural change within development teams. Security should be seen as a crucial aspect of the product, not something that’s just an addition. 
  • Balancing security with usability: Robust security measures can’t compromise user-friendly experience. Finding the right balance between security and usability is crucial for ensuring user adoption and a positive overall experience with the software. 
  • Legacy infrastructure and code: Many organizations have existing software products built on older codebases that may not have been designed with security in mind. Retrofitting secure design principles into these legacy systems can be complex and time-consuming. 
  • Continuous threat landscape: The cybersecurity landscape is constantly evolving, with new threats emerging all the time. Secure by Design isn't a one-time fix; it requires a continuous commitment to staying updated on the latest threats and adapting security practices accordingly. 
  • Skilled workforce shortage: Implementing Secure by Design effectively demands a team with specialized security expertise. However, there's a global shortage of cybersecurity professionals, which can make it challenging for organizations to find the qualified personnel needed to fully embrace Secure by Design principles. 
  • Involving users: Providers should involve end users in the design process, gathering feedback to create easy-to-use security features. Continuous education on security best practices is also crucial for reducing human error without overwhelming the user. 

Secure by Design terminology

Here’s how Secure by Design principles relate to already-familiar cybersecurity terms: 

  • Attack surface: The sum of all potential entry points that a cyber attacker can exploit to gain access to a system or data. Secure by Design aims to minimize the attack surface by reducing vulnerabilities. 
  • Black box testing: A security testing methodology where the internal workings of the system are not known to the tester. Secure by Design encourages secure coding practices that minimize vulnerabilities detectable through black box testing. 
  • Component security: The principle of ensuring that all individual software components, from libraries to frameworks, are built with security in mind. Secure by Design emphasizes secure selection and integration of third-party components. 
  • Data minimization: The practice of collecting, storing and processing only the minimum amount of data necessary for a specific purpose. Secure by Design encourages data minimization to reduce the potential impact of a data breach. 
  • Encryption: The process of transforming data into a scrambled format that can only be accessed with a decryption key. Secure by Design promotes the use of strong encryption algorithms to protect sensitive data. 
  • Firmware security: The practice of securing the low-level code that controls hardware devices. Secure by Design encourages the use of secure coding practices and regular updates for firmware. 
  • Gray box testing: A security testing methodology in which the tester has partial knowledge of the system's internal workings. Secure by Design encourages code that performs well in both gray box and black box testing scenarios. 
  • Incident response plan: A documented plan that outlines how an organization will respond to a security incident. Secure by Design encourages proactive planning for potential security breaches. 
  • Input validation: The process of verifying and sanitizing user input to prevent malicious code injection attacks. Secure by Design emphasizes robust input validation practices. 
  • Just-in-time access: Granting access to resources only when and for as long as absolutely necessary. Secure by Design encourages minimizing privileges and using JIT access controls. 
  • Known vulnerabilities: Documented weaknesses in software that attackers can exploit. Secure by Design emphasizes the importance of staying updated on known vulnerabilities and patching systems promptly. 
  • Least privilege: The principle of granting users only the minimum level of access permissions necessary to perform their jobs. Secure by Design promotes the concept of least privilege to minimize potential damage caused by compromised accounts. 
  • Multi-factor authentication: An extra layer of security that requires a secondary verification factor beyond a password to access a system. Secure by Design emphasizes MFA as a crucial security control. 
  • Penetration testing: A security testing methodology in which ethical hackers attempt to exploit vulnerabilities in a system. Secure by Design encourages regular penetration testing to identify and address security weaknesses. 
  • Open-source security: The practice of ensuring the security of software built upon open-source components. Secure by Design encourages careful selection and management of open-source libraries with a focus on known vulnerabilities. 
  • Patch management: The process of identifying, acquiring and deploying security patches to fix vulnerabilities in software. Secure by Design emphasizes a proactive approach to patch management. 
  • Quality assurance: The process of ensuring that software meets specified requirements and standards, including security requirements. Secure by Design integrates security considerations into all phases of the QA process. 
  • Risk management: Identifying, assessing and mitigating security risks. Secure by Design encourages a risk-based approach to security, focusing on the most critical threats. 
  • Secure coding practices: Coding techniques that minimize the introduction of vulnerabilities during software development. Secure by Design emphasizes training developers in secure coding practices. 
  • Threat modeling: The process of identifying and analyzing potential threats to a system. Secure by Design encourages threat modeling early in the development process to proactively address security concerns. 

Related: Ivanti’s progress toward Secure by Design goals