A new approach incorporating security measures from the outset and offering peace of mind for our customers

 

Securing software is often reduced to a simple security assessment carried out at the end of development, just before it goes into production. However, detecting a flaw at this stage can lead to considerable additional costs and delays. The ‘Security by design’ approach proposes integrating security measures into the software development process from the outset, and maintaining them throughout the software’s lifecycle. This approach begins with an analysis of the security objectives to be achieved, the specific requirements to be put in place, and the architectural choices aimed at reducing risks right from the design phase.

What solutions does Softcom actually offer?

Softcom is already incorporating a formal ‘Security by design’ approach into its offerings. This means producing a ‘Threat Modeling’ document at the design stage, which serves as a reference throughout the development and maintenance process. This document presents the solution in context, taking into account the customer’s IT environment, end-users and integrated systems with their various data flows. The various threats are identified, assessed and prioritised, enabling the customer to make informed decisions for optimal risk and cost management.

But what is “Threat Modeling”?

Let’s take the example of building construction. Just as a house needs to be designed to protect against intrusion, taking into account its location, environment and contents, an IT solution needs to be designed to take into account the potential threats specific to its context of use. Threat modelling is therefore the equivalent of a security plan for an IT solution, enabling the necessary protection measures to be defined according to the risks identified.

What are the advantages of this approach?

There are many advantages to integrating security into the early stages of design. In particular, it makes it possible to precisely define the level of security required according to the context of use, thereby reducing overall risks and costs while guaranteeing an optimum level of quality. In addition, a well-documented security architecture makes it easier to carry out subsequent security assessments, such as penetration tests. This approach enables Softcom to guarantee optimum security throughout the project, giving its customers peace of mind.

In conclusion, Softcom chose this approach because, over and above regulatory requirements such as ISO 27001, it is convinced that ‘Security by design’ represents an essential investment for its customers. Threat modelling, as a concrete deliverable, provides transparency and tangible proof of Softcom’s commitment to security. What’s more, this initial investment quickly translates into time and cost savings, as well as greater mutual understanding between Softcom and its customers.