Secure by Design
No app is 100% secure. Hacks are inevitable and data theft a very real threat. That’s why it’s all the more important that developers create their products with security at the heart of everything, not as an afterthought.
Over the last few years, stories about companies being hacked and data stolen have become commonplace. Sometimes these attacks target email addresses and names; other times they go after credit card information or passwords and other crucial pieces of personally identifiable information.
These attacks and data thefts occur due to software or technology that has holes in its security. Often they can be attacks on systems that have been around for a while and have had to evolve with technology over time, commonly known as ‘legacy’ systems. It’s difficult and expensive to upgrade security on these systems. Legacy systems were typically ‘on premise’, i.e. the software was run in a controlled, closed environment rather than on public cloud services. The cloud has transformed software infrastructure, and has allowed us to access music, video and a ton of other services in a simple and seamless way. However, this on-demand, low-price option is easier for hackers to target precisely because it’s publicly available.
Security has transformed in recent years with artificial intelligence being used to predict and stop threats while protecting the system and its users.
But it’s not just about the infrastructure that a developer uses. The weakest point of any system is the end app, i.e. the app on a phone. If that hasn’t been built with security in mind then it’s more likely to become compromised.
Secure by design is a mindset: it means that any design, feature or upgrade made to an app must have security as its top priority. This most likely means it will take longer to develop and probably cost more. Fine. Ultimately, it is a developer’s responsibility to make sure their users are safe. Being realistic, no app is 100% secure, so it has to be developed with an assumption that at some point it will be hacked. To handle this, developers must build safeguards and monitoring so they can be alerted when something looks suspicious. This could be spikes in usage or traffic, multiple failed logins, or regular, consistent activities that look automated.
Secure by design is a mindset: it means that any design, feature or upgrade you make to your app must have security as its top priority. (Pete Casson, CTO at Collctiv)
At Collctiv, Secure by Design is one of our values. We take security incredibly seriously. We work with the leading security systems and providers to protect you and your data. A good example of this is the in-app chat functionality. All messages are end-to-end encrypted, which means that only people in the group can see the messages. We cannot see any of the content that you post in those groups, and only your phone holds the keys to unlock that information. With our payment system, we use one of the leading payment providers in the world who use the latest in security and monitoring.
Security should be a core feature when developing, and for Collctiv it is one of the values that we live and build by.