This blog is part two of a five-part series exploring the critical steps to building a secure cloud environment. This resource offers a snapshot of the key points from the corresponding webcast Cloud Security Strategy: First Principles and Future Opportunities (Part 2 of 5), Secure by Design: Elevating Security Beyond Defaults. Register and watch the replay to reinforce your learning.
Read Part 1 of the series here.
In this session, Paul Vixie, Deputy CISO at AWS, and Eric Johnson, lead author of SANS Institute's SEC540 and SEC510 courses, delve into the principles of Secure by Design (SbD).
What is Secure By Design?
SbD is an approach where security is integrated into every stage of development, rather than being added to systems and workloads later in the deployment cycle. This mindset ensures security measures are embedded from the starting design phase to create resilient and trustworthy systems. Unlike Secure by Default, which focuses on secure configurations "out-of-the-box," SbD emphasizes security considerations as essential design elements that influence all aspects of a product’s lifecycle.
Secure by Design vs. Secure by Default
As Vixie explains, SbD is about reducing the need for users to make complex security decisions. “What we have to do as designers and builders,” he notes, “is to make sure there’s nothing that we knew about that the customer doesn’t know about.” By baking security into design, SbD reduces the risks and complexities for end users, giving them systems that are reliable, secure, and less likely to require as many fixes in the future.
To illustrate, Johnson recalls the early challenges with home network routers: “My mind kind of shifts back to the early days of home routers… users would unpack that thing, set it up, and leave it in that default state up until it was pwned at some point down the road.” By combining SbD with Secure by Default, the configuration burden on users can be reduced while also maintaining security from the start.
The Role of Automation and Testing
Automation and continuous testing are important steps in ensuring SbD practices are followed. As Johnson notes, "Automation and testing is… always going to come up when you talk about the software development lifecycle (SDLC)." By establishing automated security checks, teams can address vulnerabilities earlier in the SDLC. Automated threat modeling and testing further reinforce this proactive approach by identifying risks well before production, facilitating prompt fixes and preventing issues from reaching end users.
Automated testing that simulates potential threats helps developers understand how changes impact system security and adds an additional layer of defense. Johnson also discusses “policy as code” initiatives which establish and enforce security policies throughout the design process.
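To make "policy as code" concrete, here is a small added example (written for this post, not code from the webcast, AWS, or SANS). It encodes a few secure-by-design decisions as rules that a pipeline can run automatically over infrastructure definitions, and pairs them with a secure-by-default step that fills in safe values a developer left out. The resource schema, field names and rules are hypothetical, constructed for illustration rather than taken from any real IaC format:

```python
"""Added example: a minimal policy-as-code gate for infrastructure definitions.

Assumptions (not from the original post): resources are plain dicts with a
hypothetical schema ("type", "public_read", "encryption", "port", "cidr"),
and the three rules below stand in for an organization's real design policy.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    resource: str
    rule: str
    message: str


# Constructed sample definitions, as a developer might commit them.
SAMPLE_RESOURCES = [
    {"name": "app-logs", "type": "storage_bucket", "public_read": True, "encryption": None},
    {"name": "customer-data", "type": "storage_bucket", "public_read": False, "encryption": "aes256"},
    {"name": "web-sg", "type": "firewall_rule", "port": 443, "cidr": "0.0.0.0/0"},
    {"name": "admin-sg", "type": "firewall_rule", "port": 22, "cidr": "0.0.0.0/0"},
]

ADMIN_PORTS = {22, 3389}  # remote-administration ports the policy never allows world-open


def rule_no_public_buckets(r):
    """Design decision: storage is private unless an exception is reviewed."""
    if r["type"] == "storage_bucket" and r.get("public_read"):
        return "bucket allows public read"
    return None


def rule_encryption_required(r):
    """Design decision: data at rest is always encrypted."""
    if r["type"] == "storage_bucket" and not r.get("encryption"):
        return "bucket has no encryption at rest"
    return None


def rule_no_world_admin_ports(r):
    """Design decision: admin ports are never exposed to every address."""
    if r["type"] == "firewall_rule" and r["port"] in ADMIN_PORTS and r["cidr"] == "0.0.0.0/0":
        return f"admin port {r['port']} open to 0.0.0.0/0"
    return None


RULES = [rule_no_public_buckets, rule_encryption_required, rule_no_world_admin_ports]


def evaluate(resources, rules=RULES):
    """Run every rule over every resource and collect the violations."""
    findings = []
    for r in resources:
        for rule in rules:
            msg = rule(r)
            if msg:
                findings.append(Finding(r["name"], rule.__name__, msg))
    return findings


def apply_secure_defaults(resource):
    """Secure-by-default companion: supply safe values for fields the author
    omitted (or left null). It does not override an explicit unsafe choice;
    catching those is the job of the design rules above."""
    r = dict(resource)
    if r["type"] == "storage_bucket":
        r.setdefault("public_read", False)
        if not r.get("encryption"):
            r["encryption"] = "aes256"
    return r


def gate(resources):
    """Pipeline gate: returns (passed, findings). A CI job would fail the
    build when passed is False, so the issue never reaches deployment."""
    findings = evaluate(resources)
    return (len(findings) == 0, findings)


if __name__ == "__main__":
    passed, findings = gate([apply_secure_defaults(r) for r in SAMPLE_RESOURCES])
    print("gate passed:", passed)
    for f in findings:
        print(f"{f.resource}: {f.message} [{f.rule}]")
```

Run against the constructed sample, the defaults step silently fixes the missing encryption on `app-logs`, but the explicit `public_read: True` and the world-open port 22 are still reported and the gate fails. That split is the point of the passage above: secure defaults remove decisions users should not have to make, while automated design checks catch the decisions they made wrongly, both before anything reaches production.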
The Cultural Shift to Secure by Design
Adopting SbD requires a cultural shift where security is a shared commitment across all teams, not just the security team. This approach empowers each department to prioritize security as a core function in every stage of development. As Vixie explains, AWS fosters this mindset by implementing a "security champions" program. This program enables members within development teams to undergo specialized training in security best practices. These "champions" can then provide early intervention that minimizes the likelihood of security gaps before work reaches the AppSec team. For companies new to SbD, establishing a similar security champion initiative can be a low-investment yet high-impact step.
Continuous Improvement: Evolution and Threat Modeling
As threats continuously evolve, so must security approaches. Vixie highlights that SbD is a mindset that acknowledges constant change and anticipates potential vulnerabilities: “Your supply chain is in motion… we’re not going to be doing a background check on every developer.” Instead, automation and regular monitoring ensure that systems are prepared to address emerging threats, adapting as the technology stack evolves.
Threat modeling helps security teams proactively identify and address risks. Vixie stresses its importance: “Make sure that the underpinnings, as they evolve, are things we have evolved and adapted to.” By continuously reassessing system design against new vulnerabilities, organizations can maintain a resilient security posture that prevents outdated software from becoming a liability.
The Benefits of Secure by Design
The SbD approach benefits organizations by building long-term security and sustainability into their systems. Vixie notes that a proactive approach enables companies to avoid “the wrong kind of technical debt,” reducing long-term costs associated with security incidents. By cultivating an SbD culture that includes automation, continuous testing, and shared security responsibility, organizations can create systems to withstand the future threat landscape.
Complete Your Learning Experience
Register for the full five-part series, and for additional insights, check out Part 3 in this blog series. These sessions and corresponding blogs are essential for security leaders aiming to proactively secure their cloud environments and stay ahead in the rapidly evolving cloud security landscape.