The COVID pandemic has pushed many companies to quickly digitize operations in order to support decentralized teams. Unfortunately, in the rush to provide these systems, many soon discovered that ease of use, compatibility, and efficiency can come at a heavy cybersecurity cost.

While certain systems have always carried some security risk, the incredibly high numbers of remote workers and the ever-rising US$6 trillion+ threat of cybercrime have caused these vulnerabilities to be exploited en masse. In fact, large-scale breaches are reported to have increased by 273% in the first quarter of this year. Now, businesses are worried about updating their IT infrastructure and instituting safe digital work processes.

This article will focus on the business need for solutions that properly safeguard corporate data and some of the key elements architects should consider when building security-first platforms. While there are multiple applications these principles can (and should) apply to, most of the examples used below will focus on how they can be implemented in collaboration tool development.

Start from zero

Zero Trust is not a new approach to IT security. It was a concept that was popularized nearly ten years ago yet is still making its way into actual implementation. For those that are unfamiliar, Zero Trust is a security strategy that assumes that everything (data, devices, apps, and users) inside or outside of the corporate network is a security risk and needs to be regularly and granularly authenticated and verified.

Zero Trust is a critical element to maintaining security and privacy (in many products, including collaboration tools) because of its dynamic and thorough nature. It is especially important for architects to embrace Zero Trust because it needs to be built into the core design of a product in order to be truly effective.

Planning

Architects looking to utilize the Zero Trust methodology first need to think about how their product/solution will fit into the overall IT environment and user experience to address any potential technology and regulatory challenges. It’s also important to evaluate the user experience. Who are the key users? What apps and systems do they use, and what kinds of access will they need? From there, it will be easier to develop goals and roadmaps around protecting and controlling mission-critical data in a compliant manner.

Systems and protocols

Zero Trust is a good proactive defense against cyberthreats because it is dynamic and hyper-vigilant. With this type of framework, there are no default configurations. Architects must build systems that continuously monitor all network communications, constantly monitor all users, and utilize comprehensive system permissions and safeguards. This principle of constant monitoring and verification typically translates into stringent protocols such as multi-factor authentication, identity access management, end-to-end encryption, orchestration, analytics, and other comprehensive system permissions.
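
The per-request verification described above, sketched as an added example (not code from this article or from any product it mentions): a deny-by-default decision function in which network location grants nothing. The grant table, the 15-minute re-authentication window, and all field and function names are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

MAX_AUTH_AGE_S = 15 * 60  # assumed window before re-authentication is forced

# Constructed explicit grants; there is no wildcard and no default entry.
GRANTS = {
    ("alice", "channel/finance"): {"read", "post"},
    ("bob", "channel/finance"): {"read"},
}

@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    action: str
    mfa_verified: bool
    auth_time: float        # epoch seconds of last successful authentication
    device_compliant: bool  # result of a hypothetical device posture check
    source_ip: str          # kept for audit logging only, never used to grant

def authorize(req: Request, now: float) -> tuple[bool, str]:
    """Decide one request. Every check must pass; anything else is denied."""
    if not req.mfa_verified:
        return False, "mfa_required"
    if not 0 <= now - req.auth_time <= MAX_AUTH_AGE_S:
        return False, "reauthentication_required"
    if not req.device_compliant:
        return False, "device_not_compliant"
    if req.action not in GRANTS.get((req.user, req.resource), set()):
        return False, "no_explicit_grant"
    return True, "allowed"

NOW = 1_700_000_000.0  # constructed clock value so the results are reproducible

def sample(user, action, ip, mfa=True, age=60.0, device=True):
    return Request(user, "channel/finance", action, mfa, NOW - age, device, ip)

def evaluate_samples() -> list[str]:
    requests = [
        sample("alice", "post", "10.0.0.5"),            # inside the network
        sample("alice", "read", "203.0.113.7"),         # outside: same decision path
        sample("alice", "post", "10.0.0.5", age=7200),  # stale session, internal IP
        sample("bob", "post", "10.0.0.6"),              # grant covers read only
        sample("carol", "read", "10.0.0.7"),            # no grant at all
        sample("alice", "read", "10.0.0.5", mfa=False),
        sample("alice", "read", "10.0.0.5", device=False),
    ]
    return [authorize(r, NOW)[1] for r in requests]
```

The internal and external requests from the same user get the same answer, while a stale session on an internal address is still sent back to re-authenticate.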

Many companies currently rely heavily on messengers for employee collaboration—this is a trend that will only increase as the workforce continues to become more mobile. Unfortunately, many of the messengers that have become ubiquitous do not protect consumer data with essential Zero Trust technologies like end-to-end encryption. However, several open source alternatives offer greater security out of the box.

Embrace hyper-transparency

There have been many cases where platform providers have not been entirely forthright about how their tech is built, what security measures are put in place, and how user data is being routed or used. Privacy takes a great deal of intention to protect, as the advocacy group Electronic Frontier Foundation (EFF) outlines in their privacy guide.

Architects that are truly interested in building platforms that prioritize security need to accept that security, privacy, and transparency go hand-in-hand. There is no true security if there is a violation of privacy, and the best way to prove true privacy is by offering hyper-transparency into how a product is built.

One approach to implementing transparency is through open source software where the source code is released and accessible to the public. This allows external parties to verify all security claims and identify any hidden backdoors or data collection operations. Architects can also leverage the wider developer community to find bugs or vulnerabilities and patch them before they can be exploited.

Institute checks and balances

In some ways, you can never be truly done with building a security-first platform. Truly secure platforms require constant checking, digging, and improvement.

That being said, it can be hard for architects and their teams to spot gaps in their own technology because they are so immersed in it. The best way around this (and to ensure all bases are covered) is to get regular security audits from a third party. Third-party experts like security researchers, universities, and other organizations can help provide an in-depth and credible assessment that may help win the trust of prospective customers. But more importantly, having independent audits from other experts can offer architects an unbiased and fresh perspective on their own system’s design and flaws.

Conclusion

There is mounting pressure to figure out the problem of security from all sides. Advocacy groups have started demanding that vendors put out transparency reports, governments are enforcing regulations with high culpability like CCPA and GDPR, and businesses are zeroing in on security, privacy, and trust as deciding factors for their tech investments. In order to meet this challenge, architects need to do more than reactively patch flaws or retroactively refurbish systems to have better security protocols. Architects that want to create systems for the future need to design with security-first architecture that embraces the mindset that everything should be scrutinized and authenticated, implements cutting-edge cybersecurity protocols, and operates on a philosophy of transparency.


About the author

Alan Duric is the co-founder and CTO/COO of Wire, a secure collaboration platform. He is an experienced entrepreneur with a strong background in real-time communications. He's the co-founder and CTO of Telio Holding ASA, which is now listed on the Oslo stock exchange, and Camino Networks, which was acquired by Skype/eBay. Alan is an early pioneer of VoIP technologies and a driving force in the standardization of the speech codecs that led to the WebRTC standard, which revolutionized how real-time communication products are built today.
