Secure Your Products
Protect your customers by making your products “Secure by Design.”
Improve Security Outcomes for Your Customers
As a technology provider, you know that individual and business customers use the products you create every day. They use them to store their sensitive data on critical internet-facing systems that directly impact economic prosperity, livelihoods and even health. Your products and the systems they connect to are under constant attack by threat actors seeking to disrupt our way of life and steal data.
Yet, the burden of such threats often falls most heavily on those who are the least prepared to deflect them—individuals and small and medium businesses. CISA urges technology providers to change this paradigm and make products Secure by Design.
Secure by Design is a set of core principles for technology providers to build product safety into the processes they use to design, implement, configure, ship and maintain their products. The goal is to help us achieve a safe and secure future. You can take ownership of improving the security outcomes of your customers by designing and developing products that are safer out of the box, helping all of us to Secure Our World.
Consumer safety must be front and center in all phases of the technology product lifecycle—with security designed in from the beginning.
What is “Secure by Design”?
“Secure by Design” changes the focal points of product design and development processes. The aim should be to prevent your customers from having to constantly monitor, bolt on other security products and perform damage control on their systems to mitigate cyber intrusions. So, design your products to minimize security flaws and sell them with default settings that make them safe “out of the box.”
Secure-by-design products are those where customer security is a core business goal, not just a technical feature. Secure-by-design products start with that goal before development begins. Providers should:
- Build technology products that reasonably protect against malicious cyber actors successfully gaining access to devices, data and connected infrastructure
- Perform a risk assessment to identify and enumerate prevalent cyber threats to critical systems, and then include protections in product blueprints that account for the evolving cyber threat landscape
By implementing Secure by Design principles during the design phase of your product’s development lifecycle, you can dramatically reduce the number of exploitable flaws before the product goes to market. By "shifting left," manufacturers can focus on preventing the introduction of well-known and easily exploited defects into their products.
When products are Secure by Design, they are secure to use out of the box with little to no configuration changes or additional charges. They include security features at no additional cost to the consumer. Such features may include:
- Enabling multifactor authentication (MFA)
- Gathering and logging evidence of potential intrusions
- Controlling access to sensitive information (such as through single sign-on)
Secure by Design products are designed to make customers acutely aware that when they deviate from safe defaults, they are increasing the likelihood of compromise unless they implement additional compensating controls.
“Secure by Design” moves much of the security burden to technology providers and reduces the chances that customers will fall victim to security incidents resulting from misconfigurations, insufficiently fast patching or many other common issues.
For more information, check out our Secure by Design page, where you can download our paper on Shifting the Burden of Cybersecurity Risk, read our latest Secure by Design alerts and check out our blogs.