Secure Build
The Age of the Breach: What is Modern Data Security?
Modern data security is critical to every business
We’re all familiar with the embarrassing, damaging data breaches that have been made public. To name just a few recent examples, British Airways customers’ data was stolen, credit card info was exposed in an Orbitz breach, and, thousands of T-Mobile passwords were hacked. And those are just the publicly known breaches. For every massive misstep we’ve heard about, there are countless more minor ones and near-misses that happen routinely.
Mistakes can happen, even when the devs and architects in question are careful and experienced. But the current online environment – with ever-more sophisticated malware and bad actors – is brutally unforgiving of mistakes. Any business that doesn’t approach data security with deadly seriousness is living on borrowed time.
It’s time to step it up and clamp it down.
The 4 Factors of Modern Data Security
To ensure your organization is fully secure, you need to consider four factors: culture, tools, policy, and training. Here’s a quick look at what each of these entails.
1
Culture can be a squishy, inexact term. But in this case, we mean something very specific: creating mindfulness and awareness of security as a top-of-mind issue in everything we do. Making security a bedrock principle every bit as powerful as our commitment to Inclusion and Diversity. No meeting, no communication will pass without discussing security. Culture is what will influence the micro-behaviors that animate what we do on a moment-by-moment basis, and on a builder-by-builder level.
2
Now let's talk tools. One example of Slalom Build's dedication to modern data security is our Static Code Analysis tool, which will include objective and repeatable security reviews of all technology deliverables. We also work with clients to incorporate legacy tools they’ve already invested in and guide them to newer tools that our experience shows will maximize data security.
3
Policy will be an area in which your – and our – commitment to security is most thoroughly expressed. For instance, our Builders always work in pairs when moving data. Always. There are always two sets of eyes on-screen when data is moved from location to location. Second, our Builders will only work with sanitized data, which includes anonymized or masked data, or data sets that are confirmed to be harmless by our clients. A third tenet of our modern data security policy is that we will never, ever, under any circumstances allow un-sanitized client data to reside on Slalom Build infrastructure. Period.
4
And finally – training. Training your internal staff (as well as any vendors who come in contact with your data) on modern data security is key. Slalom Build takes training extremely seriously. Our Builders will participate in an annual secure code training. This will instill the best practices for securing data and code through our Product Engineering Methodology. In certain cases, we may implement tactics to go into even deeper or more targeted Secure Code training for specific Build capabilities or roles. Training will include a specific emphasis on Secrets Managed (programmatically and manually), will be incorporated into our employee onboarding programs, and will be annually refreshed to stay current.
Slalom Build will never stay stagnant in our goal to help the disruptors in the world, and our new Secure Build framework will create the next-level of protection our Builders, clients, and users are looking for.
TONY ROJAS, PRESIDENT, SLALOM
Slalom Build is taking up the challenge of data security with our typical relentless, obsessive focus, and codifying that focus with an initiative called Secure Build. This initiative brings all of our experience to bear on all four of these fronts.
But won’t all this security slow us down?
Not necessarily, if you handle it correctly. A common challenge with robust programs like Secure Build is maintaining the highest standards of security…all while building at the speed of business. But there’s a difference between rigor and bureaucracy. We won’t get bogged down in the “theater of security” by focusing on what APPEARS to be the most secure as opposed to what in our experience is ACTUALLY secure. We aim to have our security practices so inherent to what we do that they become second nature.
To that end our policies describe the outcomes we’re looking for, and focus less on the implementation tactics and process details of how to achieve them. Policies are not the same as the tactics that are required to operationalize the rules.
The future is secure
It’s easy to oversample on the negative when talking about data security. Usually the focus is on avoidance – of disaster, embarrassment, loss of trust – and on compliance with outside regulations. While understandable, this misses the real opportunities businesses have to distinguish themselves with superior data security. Far from seeing it through a lens of fear, Slalom Build views it as an opportunity to build trust, operational efficiency, and competitive advantage.
Being more mindful and intentional in how data is collected and used will, for one thing, help eliminate unnecessary data collection – which can not only increase the danger of that data being breached, it can help website and overall IT infrastructure run more cleanly and efficiently. Collateral benefits of better data security can include a more efficient digital supply chain, better campaign performance, and better overall ROI.
With the introduction of Secure Build, we’re embracing data security as something inherent to how we do business. And do so with confidence as well as optimism.