Secure Design: A Matter of Responsibility and Diligence

By Carlos Araujo Jr., Senior Director, and Antonio Gesteira, Senior Managing Director, FTI

[EDRM Editor’s Note: The opinions and positions are those of Antonio Gesteira and Carlos Araujo Jr.]

Cybersecurity is one of the biggest challenges facing contemporary society. With the advancement of digital technologies and the ever-increasing dependence on information systems to perform the most diverse activities, the protection of data and computing resources becomes increasingly critical. There are many cases of cyber attacks that cause financial losses, damage to reputation, violation of privacy, and even risks to national security.


Given this scenario, it is essential that professionals involved in the development, implementation, and management of information systems adopt secure design practices. That is, cybersecurity and data protection must be viewed as an essential requirement from the conception to the operation and maintenance of systems and infrastructure. Secure design is a matter of responsibility, as it aims to ensure that the entire ecosystem is reliable, intact, and resilient in the face of cyber threats.

But what does secure design mean? What are the principles that guide this approach?

The principles of secure design are guidelines that each company must have in order to guide its professionals to design environments and systems that are capable of preventing, detecting, and responding to cyber attacks, minimizing their impacts and maximizing their recovery. These principles may vary according to the context and objective of each organization, but some of them are considered universal and applicable to any situation.

  • Defense in Depth: This principle consists of using multiple cybersecurity controls in layers, and in a coordinated and complementary way. The goal is to reduce the probability of an incident, as the attacker would have to circumvent different types of protection. The rule of thumb is that the more sensitive the asset, the more layers of protection it should have. This principle looks at cybersecurity from the outside in. For example, a database that contains customers’ personal information, and is therefore governed under various global and industry data privacy regulations, should have more cybersecurity controls than an institutional website that contains public information.
  • Zero Trust: This principle considers every entity hostile until proven otherwise. This means that no user, device, or network should be trusted without first verifying its identity, authorization, and other pre-established criteria, and that verification is repeated for each request rather than granted once at the perimeter. Zero trust treats “trust” as a vulnerability and seeks to eliminate cybersecurity blind spots. A zero-trust architecture is built from the inside out, that is, it assumes that the attacker is already inside the system and seeks to limit their access and movement.
  • Trust but Verify: Through auditing and monitoring mechanisms, this principle consists in always verifying known entities and trustworthy behaviors. The aim is to ensure that there is no deviation or fraud. Trust but verify recognizes that procedures are as important as technology and seeks to create a culture of accountability and transparency.
  • Shared Responsibility: Recognizing that cybersecurity is a shared responsibility among all parties involved is the foundation of this principle. This means that each party must fulfill its role in protecting assets and mitigating risks. Shared responsibility is especially relevant in situations where there is a service provider or outside party that is responsible for certain cybersecurity controls, as is the case with cloud computing deployments. In this case, it is necessary to clearly define the responsibilities of each party and establish service-level agreements specific to data protection requirements. In addition, this principle of shared responsibility, when correctly understood by the other business areas of the company, acts as a significant enabler for institutional and cultural change within an organization, and therefore promotes cybersecurity maturity.
  • Separation of Duty: It is important to consider the human element in cybersecurity architecture design. This principle consists of separating users’ roles and accesses according to their level of authority and responsibility. The goal is to prevent a single person from intentionally or unintentionally causing losses to the organization. Separation of duties aims to ensure that there is cross-control and segregation of interests between users. Access criteria can be defined by roles, groups, locations, time, or transaction types.
  • Least Privilege: This principle consists of granting users only the access and permissions necessary to perform their activities, and nothing more. One of the goals is to reduce the exposure and impact of an attack, as the attacker would have fewer resources to exploit if an account is compromised. Least privilege aims to ensure that users do not have more privileges than they need and that privileges are revoked when they are no longer necessary. This principle is especially important for data privacy compliance, as only a limited pool of authorized parties should have privileges to access and interact with personal information stored within the organization’s systems. The principles of “need-to-know” and “least privilege” are similar and should be applied on an ongoing basis.
  • Secure Defaults: This principle consists of configuring systems in such a way that cybersecurity takes priority over usability and functionality. The goal is to prevent users from making unsafe choices or leaving systems unprotected due to lack of knowledge or attention, that is, to start everything in a position of extreme security and intentionally adjust settings as needed. Secure defaults aim to ensure that systems are started in a secure state and that settings are adjusted only when necessary.
  • Fail Secure: This principle consists of designing systems so that, in the event of an error or failure, they settle into a predictable, non-compromising state, typically by denying access rather than granting it. The goal is to prevent systems and environments from becoming vulnerable in an unusual or adverse situation. Fail secure also aims to ensure that systems are resilient and able to recover quickly. The principle has a well-known counterpart in physical security, and the two are easily confused: a door that stays locked when power is lost fails secure, whereas an emergency exit that unlocks automatically on fire detection fails safe, because life safety takes priority over keeping the area closed. A designer has to decide explicitly which behavior each control should have. A practical software example is a web browser that, when a website presents a digital certificate error, blocks access and alerts the user on screen instead of silently proceeding.
  • Privacy by Design: This principle consists of incorporating privacy as a foundational requirement in the design of systems, considering all legal, ethical, and social aspects involved in the processing of personal data. The aim is to protect the rights and expectations of data subjects by preventing breaches or abuses. Privacy by Design aims to ensure that systems follow the seven fundamental principles proposed by Ann Cavoukian, an internationally renowned leader and expert in data security and privacy:
    • Proactive, not reactive. Preventive, not corrective.
    • Privacy as default configuration.
    • Privacy embedded/incorporated into the design.
    • Fully functional – positive sum, not zero sum.
    • End-to-end security – full lifecycle protection.
    • Visibility and transparency – keep it open.
    • Respect for user privacy – keep it user centric.
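The Least Privilege, Separation of Duty, Secure Defaults and Fail Secure principles above are abstract until they meet a real access decision. The following Python snippet is an added illustration written for this page, not code from the article or its authors: it contrasts a fail-open authorization check with a deny-by-default one that fails secure when the identity store is unreachable, grants only what a role explicitly lists, and refuses to let a user approve a payment they created. The role policy, identity directory and `Payment` record are constructed sample data; the `PolicyUnavailable` exception stands in for whatever error a real directory client would raise.

```python
# Added example (not from the original article): a deny-by-default
# authorization check that fails secure and enforces least privilege
# and separation of duty. POLICY, DIRECTORY and Payment are constructed.
import logging
from dataclasses import dataclass
from typing import Optional

logger = logging.getLogger(__name__)


class PolicyUnavailable(Exception):
    """Stand-in for the error a real identity-store client would raise."""


# Constructed policy: role -> the (action, resource) pairs that role needs.
# Anything not listed here is denied (least privilege, secure default).
POLICY = {
    "analyst": {("read", "reports")},
    "clerk": {("read", "payments"), ("create", "payments")},
    "approver": {("read", "payments"), ("approve", "payments")},
}

# Constructed identity store: user -> roles.
DIRECTORY = {
    "alice": {"analyst"},
    "bob": {"clerk"},
    "carol": {"approver"},
    "dave": {"clerk", "approver"},
}


@dataclass(frozen=True)
class Payment:
    payment_id: str
    created_by: str


def lookup_roles(user: str, directory: Optional[dict]) -> set:
    """Simulated directory lookup; raises when the store is unreachable."""
    if directory is None:
        raise PolicyUnavailable("identity store unreachable")
    return directory.get(user, set())


def is_allowed_fail_open(user: str, action: str, resource: str,
                         directory: Optional[dict]) -> bool:
    """Anti-pattern: an outage in the lookup path grants access."""
    try:
        roles = lookup_roles(user, directory)
    except PolicyUnavailable:
        logger.warning("lookup failed for %s; allowing request", user)
        return True  # fails open: the error becomes an access grant
    return any((action, resource) in POLICY.get(r, set()) for r in roles)


def is_allowed(user: str, action: str, resource: str,
               directory: Optional[dict],
               payment: Optional[Payment] = None) -> bool:
    """Fail-secure check: any error, unknown user, unknown role or
    unmatched permission is a denial, and approving a payment you created
    is refused (separation of duty) even when the role allows 'approve'."""
    try:
        roles = lookup_roles(user, directory)
    except Exception as exc:  # deny on any failure, then log it
        logger.error("lookup failed for %s: %s; denying request", user, exc)
        return False
    if not any((action, resource) in POLICY.get(r, set()) for r in roles):
        return False  # deny by default: nothing in the policy matched
    if action == "approve":
        if payment is None:
            return False  # approval without a payment context is denied
        if payment.created_by == user:
            logger.warning("%s tried to approve own payment %s",
                           user, payment.payment_id)
            return False  # separation of duty: creator may not approve
    return True


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    p = Payment("p1", created_by="dave")
    print("alice reads reports:", is_allowed("alice", "read", "reports", DIRECTORY))
    print("outage, fail-open:", is_allowed_fail_open("mallory", "read", "reports", None))
    print("outage, fail-secure:", is_allowed("alice", "read", "reports", None))
    print("dave approves own payment:", is_allowed("dave", "approve", "payments", DIRECTORY, p))
    print("carol approves dave's payment:", is_allowed("carol", "approve", "payments", DIRECTORY, p))
```

Note that the fail-open version is only wrong in one branch, and that branch is exercised only during an outage, which is exactly when nobody is watching. Reviewing every `except` in an authorization path and asking "what does this return when the dependency is down?" is a cheap way to apply the Fail Secure principle to existing code.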


These are the leading secure design principles that should be prioritized as cybersecurity and data protection best practices. They can serve as a guide for companies and professionals looking to develop more secure and reliable systems and infrastructures. However, they are not enough on their own. It is also necessary to have a holistic and strategic view of data protection, considering the organization’s context, objectives, and risks. In addition, it is necessary to always be aware of technological changes, new cyber threats, and evolving data privacy regulations, seeking to constantly update knowledge and practices accordingly.

Finally, it must be made explicit that secure design is a matter of responsibility for all professionals involved in the development, implementation, operation, and management and use of information systems. In other words, secure design is everyone’s responsibility. Cybersecurity is not a technical problem that can be completely solved with technological solutions. Rather, it is a complex and dynamic practice that requires an integrated and multidisciplinary approach. Professionals should be trained and employees educated about the importance of cybersecurity, data privacy, and the principles of secure design. Only then will it be possible to build safe and fully reliable ecosystems that host and support the delivery of increasingly critical products and services to society.

Authors

  • Antonio Gesteira

    Antonio Gesteira is a Senior Managing Director within the Technology segment at FTI Consulting, and a seasoned e-discovery and forensic technology expert with more than 20 years of experience in supporting complex investigations and litigations. He has delivered more than 300 projects spanning emerging technology, data services, information security, internal and external audit support and electronic tax consulting across a variety of industries. He has led large investigations and risk management efforts in Brazil and internationally. As the Technology segment’s leader for the Brazilian market, Antonio works with clients to address a broad range of corporate risk and respond to high-stakes legal and regulatory matters.

  • Carlos Araujo Jr.

    Mr. Araujo has more than 15 years of experience in the cybersecurity and technology industry. He has extensive knowledge in areas such as cyber governance, risk & compliance, assessments, third-party risk management, and data privacy. Mr. Araujo worked as Head of Information Security at Mutant, where he led the elaboration and execution of the Information Security Master Plan, focusing on a continuous and structured elevation of the maturity level through strategic partnerships. Mr. Araujo also has experience as a Cybersecurity Manager, where he worked on the analysis and remediation of internal and external infrastructure and web application vulnerabilities. He holds certifications such as CISSP, CISM and CRISC.
