Security by Design for
Critical Infrastructures

 

Security by Design" originated in IT as a principle for developing secure software, aiming to design software solutions in such a way that they are not or only with high effort, vulnerable during practical use. This principle has already established itself in the software industry since the associated costs are significantly lower than the costs incurred by cybercrime.

However, what about implementing "Security by Design" in the conception of IT infrastructure? Is it possible to operate networks in such a way that security, scalability, and usability remain in harmony? How can requirements of GDPR or principles such as Zero Trust Network Access (ZTNA) be implemented in a way that cyberattacks become less likely through the conception of the network and selection of components used? Reducing possible attack surfaces for cybercriminals is becoming increasingly important, and it is crucial that the user is assigned only the privileges necessary to perform their task (PoMP – principal of minimal privilege).

The new way of working has shown that conventional methods of connection through VPNs quickly reach their limits, not only technically but also financially. In practice, the PoMP principle cannot be realized adequately when using VPNs since a VPN initially allows the user to access the entire network, which must then be restricted again with great effort. While VPNs were originally used for secure site networking, they no longer fit in a "work from anywhere" dominated working world.

Thoughts on Best of Breed

We, as individuals in our private lives, also tend to pursue "Best of Breed" from time to time. Whether it's with our phones, tools, or other things in our lives, it's in human nature to maximize utility, and "Best of Breed" often means just that - the best equipped or most powerful, in other words, the best in its class. However, there is one problem with this approach:

When it comes to a cohesive structure consisting of many subordinate solutions, Best of Breed can become Best of Problems - and that's exactly what happens in IT. Being the best in its class doesn't necessarily mean being the best in adapting, integrating, or collaborating. It's wonderful to have the best of each component in a system. But now, imagine a group of the world's best scientists, one from India, one from China, one from France, etc. - each of whom only speaks and writes in their own native language. Now you have Best of Breed in one room, and the team is only as good as the one best among them, as team performance cannot be utilized - how can they communicate with each other?!

In IT, it's the same thing. Having the best of each component is really great, but can the individual solutions work together seamlessly to achieve the required system performance? Hopefully, because communication problems in security-related systems can potentially cause great concern.

How about trying the approach of "Best of seamless Integrators" then?

Did our tips help you? As always, we look forward to your feedback and are of course always there for you if you have any questions.

Kind regards,

 

E-mail: f.heller@beyondssl.com

Phone: 0049 911 495 229 37