Security By Design

by Feb 16, 2021Article, Bitesize Analytics

What is security by design?

Security by design is a software engineering approach in which the security tactics and patterns are first thought before designing a product. The best security approach is implemented in the architecture design and it acts as a guiding principle for developers. This approach has also been adopted in the area of the Internet of things (IoT) and Big Data Analytics.  Like traditional IT systems, IoT deployments are also susceptible to a host of cyberattacks such as phishing, malware attacks, etc. This approach prevents the cybersecurity breach in an organization, and it teaches best practices to implement important software features using design as the primary driver for software.  The main security principles which are important for all applications are confidentiality, integrity, and availability.

In the field of big data analytics, the extensive collection and processing of personal information have given rise to serious privacy concerns related to profiling and disclosure of private data. Security by design approach helps to integrate appropriate data protection safeguards in the core of the analytics value chain which will allow the benefits of analytics without invading an individual’s private sphere. By using this approach, the privacy requirements are identified early at the big data value chain and the necessary organisational and technical measures are implemented.

In the field of big data analytics, the extensive collection and processing of personal information have given rise to serious privacy concerns related to profiling and disclosure of private data. Security by design approach helps to integrate appropriate data protection safeguards in the core of the analytics value chain which will allow the benefits of analytics without invading an individual’s private sphere. By using this approach, the privacy requirements are identified early at the big data value chain and the necessary organisational and technical measures are implemented.

Image Reference: (Spivey, 2017)

Why is it important?

This method is important because it prevents system errors from an early stage. The security tactics and patterns provide solutions for enforcing the necessary privacy, data integrity, and safety even when the system is under attack. The security of the software system is especially important so to achieve it, we should build a robust security architecture and should preserve the architecture during software evolution.  

What advantages does it have vs other design techniques?

The security by design is built in from the beginning instead of testing the security of a system when it is done, so solving the security issues at the beginning is much cheaper and it reduces potential disruptions. Usually, in the Software Development Lifecycle (SDLC), the pressure is extremely high at the end of the development process, so it is not the best time to implement any security methods. To address the big data risks in the analytics, field the security by design approach is very critical.

The security strategies are analysed in each phase of big data analytics along with the technical implementation measures. Security by design is a very resilient process where security is built-in rather than added as a fix at the end.

Where does it overlap with data governance?

As we know that data and information are typically the heart of any organization. Data security, protection, and privacy are must when private individual information is concerned. Effective data governance helps to avoid such issues. The security and privacy principles are included in the GDPR (General Data Protection Regulation). But it is very much essential for an organization to understand that they not only have to meet their compliance requirements, but they also must diminish the cybersecurity risks. This means that organizations must protect the individual’s rights by integrating safeguards to comply with the GDPR’s requirements and they must implement the data protection principles by implementing appropriate organizational and technical measures.

The most common security approaches which have been followed by an organization are role-based and policy-based security approaches. In the role-based approach, access to certain resources is allowed based on a person’s role within an organization. This approach has become one of the main methods for advanced access control. The policy-based approach is a framework that evaluates a user’s access dynamically. This policy follows the zero-trust approach and implements strict access control within an organization.    

Let me highlight a few biggest data breaches of the 21st century.

1) Yahoo data breach 2013-2014, 3 billion user accounts were impacted. This was one of the biggest data breaches in history. In 2014 the attackers compromised the usernames, email addresses, date of birth, and telephone numbers of 500 million users. In 2016, a different attacker compromised the names, email addresses, date of birth, passwords, and security questions and answers of 1 billion users. In 2017, Yahoo revised the estimate of users who were impacted, and it was 3 billion accounts (Swinhoe, 2021).

2) Facebook data breach 2019, 419 million users were impacted. The phone numbers of these 419 million Facebook accounts were leaked (Winder, 2019).

3) Microsoft data breach 2020, 250 million customer service and support records were exposed to the web. A database containing 250 million customer records were found unsecured online (Winder, 2020).

As most organizations are moving to a risk-based approach to security, data governance is the key that makes security, privacy, and risk more effective and easier. Within an organization, data governance protects high-quality data throughout the lifecycle of the data which includes security, data integrity, and consistency. On continuous basis security by design maintain, manage, and monitor the security risk governance and management

How can it be achieved in Data science?

In this digital world, cybersecurity is undergoing a massive shift in technology and its operations, this change is driven by data science. In recent years, due to increasing dependency on digitalization and the Internet-of-Thing (IoT) many security incidents like a data breach, unauthorized access, malware attack, phishing, etc have grown.

The key to making a security system automated and intelligent is extracting security incident insights or patterns from cybersecurity data and building the data-driven model. To understand and analyse the actual phenomena with data various machine learning techniques and processes are used.

How can it be achieved with Oracle Technology?

Many business leaders, organizations are moving their critical business-critical workloads to the cloud. One of the very efficient and reliable options for them is the Oracle Cloud Infrastructure platform. Oracle is empowering businesses of all sizes on the journey of digital transformation. The security practices in Oracle are multidimensional.

Oracle Cloud Infrastructure was architected with security as a primary design principle including isolated network virtualizations. The security approach for Oracle Cloud Infrastructure is based on seven core pillars which are Data Encryption, Customer Isolation, Visibility, Security Controls, High Availability, Secure Hybrid Cloud, and Verifiably Secure Infrastructure. Each of these pillars has multiple solutions designed to maximize the security and compliance of the platform.

Is it easy to achieve?

Good security wins customers and the “security by design” approach is not easy to apply if the workforce does not understand the security protocols properly. The necessary security by design training can be included in the company’s culture to enable this approach to be successful.

Even in the big data analytics field, it is not an easy task to implement this approach since it requires a lot of research. The right balance by highlighting security as a core value of analytics and examining how technology can be used on its side can make this approach successful.

Most proactive firms try to integrate this approach into their systems. If security by design is done effectively then it reduces the cybersecurity risk from external and internal threats. As I said before this approach is better for return on investment, and it is also increasing customer satisfaction.

How does Vertice achieve security by design?

Vertice is an Oracle platinum partner we are a specialist in Oracle service offerings. Our workforce fully understands the security protocols and follows them very strictly. We also provide the necessary training to our employees to achieve this, as well as training customers.

We use the Oracle Cloud Infrastructure, Autonomous data warehouse, and Oracle Analytics Cloud (OAC) platforms for data warehousing, data analysis, data modelling, and data visualizations. We make sure that the security is implemented in the design lifecycle, authentication is appropriate, and the data flows are secure. We also use multi-factor authentication which is one of the biggest friction points for the users. We also monitor how users are interacting with data daily to know what data is pulled, and how it is investigated, enriched, and analysed.

Shalini Mahajan

Shalini Mahajan

Senior Data Analytics Consultant

Shalini Mahajan is a Senior Data Analytics Consultant at Vertice. She has over 6 years of experience working with database management and data analytics. She began her career as an Application Software Development Consultant at NTT Data after she finished a Bachelor of Engineering degree in ECE from Visvesvaraya Technological University. She is very passionate about analytics and business service innovation. She holds a Master’s Degree in Business Analytics from UCD Michael Smurfit Graduate Business School.

If you have any questions, don’t hesitate to get in touch