Remaining Secure

Steadily providing trusted and secure applications on the wide wild web

As an application manager or digital business manager, ensuring that your online application remains secure can be challenging. This is especially true when your digital application can be accessed by any actor on the internet, whether it is an AI, an automated process or a human. Today we look at some tips that will help you stay secure out there.

Tip 1: Stay up to date

Your application is composed of multiple components such as modules, plugins, databases, etc. You must make sure that these components remain up to date, and follow the security announcements for each of them. This implies that your configuration management is kept in such a state that you can easily upgrade components and verify that they still work together seamlessly before placing the updated version online.

Tip 2: Reduce your complexity

Keeping it simple is one of the best ways to reduce the risk of forgetting to update a component, of keeping vulnerable old components in your applications, or of having adverse reactions when components interact with each other.

By reducing the complexity, you will reduce your maintenance costs, especially the ones related to security updates.

Use complex applications or services only when necessary. For example, when planning your website, ask yourself how often it will need to be updated, and when planning your online shop, look for services that allow you to create a shop without the maintenance burden on your side.

Tip 3: Know your application

Modern online applications are a “stack” of components. It starts from the disks, memory and CPU, and goes up to the running code of your application. By keeping a full and clear bill of materials for an application, including requirements, design decisions, versioning, code artefacts and test results, you make it possible for you and your team to really know your application. This way, you’ll easily be able to identify which reported security issues affect your application.
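As an added example (not code from the original post), the script below shows the concrete payoff of Tip 1 and Tip 3 together: when the bill of materials lists every component with its exact version, a newly published advisory can be matched against it mechanically, and the result tells you which components need an upgrade and which have no fix yet and must be mitigated differently. The component names, versions and advisory identifiers are all constructed placeholders, the advisory feed format is an assumption, and versions are assumed to be plain dotted numbers (a real inventory would typically be a CycloneDX or SPDX document and advisories would carry real identifiers).

```python
"""Added example (not from the original post): match a bill of materials
against a list of security advisories to find which ones affect the app.

Every component, version and advisory here is a constructed placeholder.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Component:
    name: str
    version: str


@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # placeholder id, not a real advisory number
    component: str     # affected component name
    introduced: str    # first affected version (inclusive)
    fixed: str         # first fixed version (exclusive); "" means no fix yet
    summary: str


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn "1.2.10" into (1, 2, 10) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in v.split("."))


def is_affected(component: Component, adv: Advisory) -> bool:
    """True when the component's version lies in [introduced, fixed)."""
    if component.name != adv.component:
        return False
    v = parse_version(component.version)
    if v < parse_version(adv.introduced):
        return False
    if adv.fixed and v >= parse_version(adv.fixed):
        return False
    return True


def affected_advisories(bom: List[Component],
                        advisories: List[Advisory]) -> List[Tuple[Component, Advisory]]:
    return [(c, a) for c in bom for a in advisories if is_affected(c, a)]


# Constructed bill of materials for a hypothetical application.
BOM = [
    Component("web-framework", "4.2.1"),
    Component("image-resizer", "1.9.0"),
    Component("db-driver", "2.0.5"),
]

# Constructed advisory feed; ids, ranges and summaries are placeholders.
ADVISORIES = [
    Advisory("ADV-0001", "web-framework", "4.0.0", "4.2.2", "constructed example 1"),
    Advisory("ADV-0002", "image-resizer", "1.0.0", "1.8.0", "constructed example 2"),
    Advisory("ADV-0003", "db-driver", "2.0.0", "", "constructed example 3"),
    Advisory("ADV-0004", "pdf-generator", "3.0.0", "3.1.0", "component not in BOM"),
]


def report(bom: List[Component] = BOM,
           advisories: List[Advisory] = ADVISORIES) -> List[str]:
    """One actionable line per advisory that really applies to this BOM."""
    lines = []
    for c, a in affected_advisories(bom, advisories):
        action = f"upgrade to >= {a.fixed}" if a.fixed else "no fix yet: mitigate or isolate"
        lines.append(f"{a.advisory_id}: {c.name} {c.version} affected ({a.summary}); {action}")
    return lines


if __name__ == "__main__":
    for line in report():
        print(line)
```

Run as-is, the report lists only two advisories: the web framework (inside the affected range, upgrade available) and the database driver (affected, no fix released). The image resizer is already past the fixed version and the PDF generator is not in the inventory at all, which is exactly the noise a good bill of materials lets you discard without reading every advisory by hand.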

Tip 4: Challenge assumptions

Before going live with an application, and after each configuration change, it’s recommended to challenge the security of your application. By performing at least a yearly penetration test on an application, you ensure that you are not just passively waiting for security issues to be discovered by others, but that you are actively challenging your own security. This is especially important when dealing with sensitive data.

Tip 5: Security by design

Before starting to develop and deploy a new application, evaluate the risks and security implications for your organization and your users. You must ensure that the right resources are allocated to the project and its security aspects. As with a structural engineer, you will most likely not need a full-time security specialist on your team throughout the project. You still want a security specialist to give you their opinion at each step of the realization, starting at the design phase.

Tip 6: Remain in control

When a security incident happens, or a security issue is reported, you want to be the first to react. Implementing monitoring and alerting and having a security response plan, together with a properly trained support team, are crucial to ensure that you remain in control of the application and respond appropriately to the events that will hit you.
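To make “monitoring and alerting” concrete, here is an added example (not from the original post) of a minimal alerting rule run over constructed application log lines: it raises one alert per source address that accumulates too many failed logins inside a short sliding window, so the support team learns about the burst from their own tooling rather than from a user complaint. The log format, field names, threshold and window size are all assumptions for this example; the addresses come from the documentation ranges and the log lines are constructed.

```python
"""Added example (not from the original post): a sliding-window alerting
rule over constructed login log lines. Format and thresholds are assumptions.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Deque, Dict, List

# Constructed log lines: ISO timestamp, then key=value fields.
SAMPLE_LOG = """\
2024-07-01T10:00:01Z src=203.0.113.7 event=login_failed user=alice
2024-07-01T10:00:02Z src=203.0.113.7 event=login_failed user=bob
2024-07-01T10:00:03Z src=203.0.113.7 event=login_failed user=carol
2024-07-01T10:00:04Z src=203.0.113.7 event=login_failed user=dave
2024-07-01T10:00:05Z src=203.0.113.7 event=login_failed user=erin
2024-07-01T10:00:30Z src=198.51.100.2 event=login_failed user=alice
2024-07-01T10:00:40Z src=198.51.100.2 event=login_ok user=alice
2024-07-01T10:15:00Z src=198.51.100.2 event=login_failed user=alice
"""


@dataclass(frozen=True)
class Alert:
    src: str
    first: datetime   # oldest failure still inside the window
    last: datetime    # failure that tripped the threshold
    count: int


def parse_line(line: str) -> Dict[str, str]:
    """Split 'ts k=v k=v ...' into a dict; the timestamp lands under 'ts'."""
    ts, *fields = line.split()
    rec = {"ts": ts}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def detect_bursts(log_text: str,
                  threshold: int = 5,
                  window: timedelta = timedelta(seconds=60)) -> List[Alert]:
    """Alert once per source when `threshold` failures fall within `window`."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerted = set()
    alerts: List[Alert] = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec.get("event") != "login_failed":
            continue  # successes and other events do not count toward the burst
        t = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        q = recent[rec["src"]]
        q.append(t)
        while q and t - q[0] > window:
            q.popleft()  # drop failures that aged out of the window
        if len(q) >= threshold and rec["src"] not in alerted:
            alerted.add(rec["src"])  # one alert per source, no repeated paging
            alerts.append(Alert(rec["src"], q[0], t, len(q)))
    return alerts


if __name__ == "__main__":
    for a in detect_bursts(SAMPLE_LOG):
        print(f"ALERT {a.src}: {a.count} failed logins between "
              f"{a.first.isoformat()} and {a.last.isoformat()}")
```

With the sample above only 203.0.113.7 is reported: five failures in four seconds. The second source has two failures fifteen minutes apart with a success in between, so it stays below the rule and does not page anyone. The one-alert-per-source guard is there so the response plan is triggered once and handled by a person, not flooded with duplicates for every further failed attempt.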

Published on Jul 1, 2024 by

Gabriel Tanguay

Consultant

Aligning people, business and technology

Stay safe out there

Creating and operating online applications is an exciting endeavour, as it forces you to stay on top of your game while you offer meaningful and useful services to your users.

At Luzid, we help decision makers navigate this field, while supporting their team where they need it, when they need it, in a transparent, clear and luzid manner.