Software companies, and data-rich SaaS companies in particular, will go through a paradigm shift over the next few years in which security becomes a company-wide priority. Rather than an after-the-fact compliance activity the best companies will treat security and privacy as a strategic imperative, incorporating security thinking into all aspects of their business. This slideshare introduces the concept of Security First, why it is important and what it will mean for your organization.
How to Troubleshoot Apps for the Modern Connected Worker
Security First: What it is and What it Means for Your Business
1. Security First: What It Means for Your Business 1Security First: What It Means for Your Business 1
What It Is and What It Means
for Your Business
Security First
2. Security First: What It Means for Your Business 2Security First: What It Means for Your Business 2
Security first
is a mindset.
It’s thinking about your company’s
security holistically from the ground up.
3. Security First: What It Means for Your Business 3Security First: What It Means for Your Business 3
That means looking beyond technical
considerations to see where security
fits into your:
Business model
Software development
People and hiring practices
Pricing
Approach to partnerships
Marketing
Research and innovation
✔
✔
✔
✔
✔
✔
✔
4. Security First: What It Means for Your Business 4
To do it right, security has to come
first in everything you do. It can’t
ever be an after thought.
5. Security First: What It Means for Your Business 5Security First: What It Means for Your Business 5
Putting security first not only
keeps your business safe,
it also helps you disrupt
your industry.
6. Security First: What It Means for Your Business 6
Just think of how innovative
companies are differentiating
themselves by focusing on
security and privacy.
7. Security First: What It Means for Your Business 7
Apple stands out
as a great example.
8. Security First: What It Means for Your Business 8Security First: What It Means for Your Business 8
They’ve taken a very public
and forward-thinking stance
on security and privacy.
9. Security First: What It Means for Your Business 9
“People would like you to
believe you have to give
up privacy to have AI
do something for you,
but we don’t buy that.
It might take more work,
it might take more thinking,
but I don’t think we should
throw our privacy away.”
– Tim Cook
10. Security First: What It Means for Your Business 10
Apple uses hardware protection
of encryption keys, end-to-end
encryption on iMessage and
differential privacy.
And it’s
more than
words…
11. Security First: What It Means for Your Business 11
And the strategy
is working!
Zero-day exploits for iOS
are now going for
big bucks.
12. Security First: What It Means for Your Business 12
“…I applaud Apple for trying to improve
privacy within its business models…”
– Bruce Schneier, internationally renowned security technologist
“The majority of enterprises still feel it
is easier for them to secure their
enterprise data on the iOS platform.”
– Dionisio Zumerle, Gartner
The reactions Apple
has been getting are
very favorable.
13. Security First: What It Means for Your Business 13
While Apple is a great
example of a company
that’s getting security
first right, most
companies don’t.
14. Security First: What It Means for Your Business 14
After Jeep Hack, Chrysler Recalls
1.4 Million Vehicles for Bug Fix
Target CEO Fired: Can You Be
Fired If Your Company Is Hacked?
Ransomware attacks to quadruple
in 2016, study finds
And that’s having
a major impact
in lots of ways.
15. Security First: What It Means for Your Business 15
Not only that, by 2020, the global
cost of cyber crimes is expected
to reach $2.5 trillion.
16. Security First: What It Means for Your Business 16Security First: What It Means for Your Business 16
To help put things
in perspective,
let’s take a quick look
at the history of
security threats.
17. Security First: What It Means for Your Business 17Security First: What It Means for Your Business 17
Little valuable data was online
Viruses weren’t a real threat
Crypto was for academics and geeks
1980s &
1990s
Back in the 1980s and 1990s,
there really wasn’t much going on.
2008 – 2016 Present Day2000s
✔
✔
✔
1980s & 1990s
18. Security First: What It Means for Your Business 18Security First: What It Means for Your Business 18
We had entered the age of
weaponized malware platforms.
Stuxnet attacks Iranian enrichment
Modular, updatable and extensible
malware
Botnets as a service
2000s
✔
✔
✔
2008 – 2016 Present Day2000s1980s & 1990s
By the 2000s, things had changed.
19. Security First: What It Means for Your Business 19Security First: What It Means for Your Business 19
2008 –
2016Anthem: Hacked Database
Included 78.8 Million People
2008 – 2016 Present Day2000s1980s & 1990s
And since 2008, we’ve seen an
onslaught of security mega breaches...
20. Security First: What It Means for Your Business 20Security First: What It Means for Your Business 20
Digitization of everything
Post-Snowden privacy mindset
End-to-end encryption in WhatsApp
Rise of blockchain and Bitcoin
2008 – 2016 Present Day2000s1980s & 1990s
✔
✔
✔
✔
Along with a variety of other
important changes.
2008 –
2016
21. Security First: What It Means for Your Business 21Security First: What It Means for Your Business 21
2008 – 2016 Present Day2000s1980s & 1990s
Differential privacy in mainstream
products
Blockchains everywhere
Passwordless authentication
Ransomware
IoT DDoS attacks
Present
Day
✔
✔
✔
✔
✔
Fast forward to present day,
and the changes keep coming.
22. Security First: What It Means for Your Business 22
Looking ahead at the
intersection of
security and artificial
intelligence (AI),
there will be challenges
and opportunities.
23. Security First: What It Means for Your Business 23Security First: What It Means for Your Business 23
The challenges will be
in terms of AI safety and
security, with hackers
potentially able to…
24. Security First: What It Means for Your Business 24
Convince a self-driving
car to swerve into
oncoming traffic.
25. Security First: What It Means for Your Business 25
Trick a bot into thinking
that someone else
requested a transaction.
26. Security First: What It Means for Your Business 26
Or make an industrial
system think that it’s
not overheating.
27. Security First: What It Means for Your Business 27Security First: What It Means for Your Business 27
There will also be opportunities
to utilize AI to increase cyber
security to...
28. Security First: What It Means for Your Business 28
Monitor and
detect events at
“beyond human”
scale.
Remove
human error from
writing and
patching code.
Human-like
pattern matching
for access
authorization.
29. Security First: What It Means for Your Business 29Security First: What It Means for Your Business 29
Automated detection, evaluation and patching.
The future is
arriving now:
30. Security First: What It Means for Your Business 30Security First: What It Means for Your Business 30
So what can you do to
help your company adopt
a security first mindset?
31. Security First: What It Means for Your Business 31
Here are three ideas
to start with:
32. Security First: What It Means for Your Business 32Security First: What It Means for Your Business 32
Make security decisions
early and often.1
33. Security First: What It Means for Your Business 33Security First: What It Means for Your Business 33
Build security into every
facet of your business.2
34. Security First: What It Means for Your Business 34Security First: What It Means for Your Business 34
Compliance is table
stakes. Go well beyond
security basics.
3
35. Security First: What It Means for Your Business 35
Last but not least, keep in mind that (good)
security is complex and that attackers are
adaptive and don’t play by the rules.
36. Security First: What It Means for Your Business 36Security First: What It Means for Your Business 36
Want to learn more
about security first?
Click here to listen to the podcast