Three Principles for Security-First Architecture

December 16, 2020

Originally written by Wire co-founder and CTO Alan Duric for Red Hat.

The COVID pandemic has pushed many companies to quickly digitize operations in order to support decentralized teams. Unfortunately, in the rush to provide these systems, many soon discovered that ease of use, compatibility, and efficiency can come at a heavy cybersecurity cost.

While certain systems have always carried some security risk, the incredibly high numbers of remote workers and the ever-rising US$6 trillion+ threat of cybercrime have caused these vulnerabilities to be exploited en masse. In fact, large-scale breaches are reported to have increased by 273% in the first quarter of this year. Now, businesses are worried about updating their IT infrastructure and instituting safe digital work processes.

This article will focus on the business need for solutions that properly safeguard corporate data and some of the key elements architects should consider when building security-first platforms. While there are multiple applications these principles can (and should) apply to, most of the examples used below will focus on how they can be implemented in collaboration tool development.

Start from zero

Zero trust is not a new approach to IT security. It was a concept that was popularized nearly ten years ago yet is still making its way into actual implementation. For those that are unfamiliar, zero trust is a security strategy that assumes that everything (data, devices, apps, and users) inside or outside of the corporate network is a security risk and needs to be regularly and granularly authenticated and verified.

Zero trust is a critical element to maintaining security and privacy (in many products, including collaboration tools) because of its dynamic and thorough nature.

Planning

Architects looking to utilize the zero trust methodology first need to think about how their product/solution will fit into the overall IT environment and user experience to address any potential technology and regulatory challenges. It’s also important to evaluate the user experience. Who are the key users? What apps and systems do they use, and what kinds of access will they need? From there, it will be easier to develop goals and roadmaps around protecting and controlling mission-critical data in a compliant manner.

Systems and protocols

Zero trust is a good proactive defense against cyberthreats because it is dynamic and hyper-vigilant. With this type of framework, there are no default configurations. Architects must build systems that continuously monitor all network communications, constantly monitor all users, and utilize comprehensive system permissions and safeguards. This principle of constant monitoring and verification typically translates into stringent protocols such as multi-factor authentication, identity access management, end-to-end encryption, orchestration, analytics, and other comprehensive system permissions.
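One way to express the per-request verification described above, as an added example (not code from the original article or from Wire). The roles, resources, field names and the 15-minute MFA window are assumptions made for illustration.

```python
from dataclasses import dataclass

MFA_MAX_AGE_S = 15 * 60  # assumed re-authentication window

# Explicit allow-list of (role, resource, action). Anything absent is denied,
# so there is no default configuration that grants access.
GRANTS = {
    ("engineer", "conversation:team-a", "read"),
    ("engineer", "conversation:team-a", "write"),
    ("auditor", "audit-log", "read"),
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    resource: str
    action: str
    token_valid: bool       # result of signature and expiry checks done upstream
    mfa_age_s: int          # seconds since the user last completed MFA
    device_compliant: bool  # result of a device posture check
    source_ip: str          # recorded for monitoring, never used to grant trust

def decide(req: Request) -> tuple[bool, str]:
    """Evaluate one request. Called on every request, not once per session."""
    if not req.token_valid:
        return False, "invalid_token"
    if not req.device_compliant:
        return False, "device_not_compliant"
    if req.mfa_age_s > MFA_MAX_AGE_S:
        return False, "mfa_stale"
    if (req.role, req.resource, req.action) not in GRANTS:
        return False, "no_explicit_grant"
    return True, "ok"

def audit(requests: list[Request]) -> list[dict]:
    """Decide each request and keep a record of every decision for monitoring."""
    records = []
    for req in requests:
        allowed, reason = decide(req)
        records.append({"user": req.user, "resource": req.resource,
                        "action": req.action, "source_ip": req.source_ip,
                        "allowed": allowed, "reason": reason})
    return records
```

A request from an address inside the corporate network gets exactly the same checks as one from outside it; the address appears only in the audit record.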

Embrace hyper-transparency

There have been many cases where platform providers have not been entirely forthright about how their tech is built, what security measures are put in place, and how user data is being routed or used. Privacy takes a great deal of intention to protect, as the advocacy group Electronic Frontier Foundation (EFF) outlines in their privacy guide.

Architects that are truly interested in building platforms that prioritize security need to accept that security, privacy, and transparency go hand-in-hand. There is no true security if there is a violation of privacy, and the best way to prove true privacy is by offering hyper-transparency into how a product is built.

Institute checks and balances

In some ways, you can never be truly done with building a security-first platform. Truly secure platforms require constant checking, digging, and improvement.

That being said, it can be hard for architects and their teams to spot gaps in their own technology because they are so immersed in it. The best way around this (and to ensure all bases are covered) is to get regular security audits from a third party. Third-party experts like security researchers, universities, and other organizations can help provide an in-depth and credible assessment that may help win the trust of prospective customers. But more importantly, having independent audits from other experts can offer architects an unbiased and fresh perspective on their own system’s design and flaws.

Conclusion

There is mounting pressure to figure out the problem of security from all sides. Advocacy groups have started demanding that vendors put out transparency reports, governments are enforcing regulations with high culpability like CCPA and GDPR, and businesses are zeroing in on security, privacy, and trust as deciding factors for their tech investments. In order to meet this challenge, architects need to do more than reactively patch flaws or retroactively refurbish systems to have better security protocols. Architects that want to create systems for the future need to design with security-first architecture that embraces the mindset that everything should be scrutinized and authenticated, implements cutting-edge cybersecurity protocols, and operates on a philosophy of transparency.


About Wire

Wire™ is the most secure collaboration platform, transforming the way businesses communicate at the same speed that our founders disrupted telephony with Skype. Headquartered in Berlin with offices in Switzerland and San Francisco, Wire’s award-winning collaboration and communications platform counts over 1,800 enterprise customers worldwide. Recognized by IDC, Forrester, and Gartner as one of the most secure collaboration platforms, Wire offers messaging, audio/video conferencing, file-sharing, and external collaboration - all protected by the strongest end-to-end encryption.

If you are searching for the most secure collaboration platform, look no further. But don't take our word for it, try it for free today.

Looking for a walkthrough of our enterprise communication solution? Contact us today to learn how Wire™ fits into your organization.

© Wire Swiss GmbH