- Security TWENTY
- Women in Security
In the rush to get new apps to market before the competition, start-ups are cutting corners. Yet in an era of escalating cyber security threats and punitive data protection regulations, a failure to prioritise security is compromising customer data, leaving the business at risk of both fines and reputational damage, says Nick Thompson, Managing Director, DCSL Software. Any start-up looking to create a great app with long term value must look at the full development requirement – and that includes rigorous cyber security, he writes.
Whether based at Silicon Roundabout or a barn conversion in Worcestershire, the drive to create a popular app continues to inspire innovative start-ups. As app opportunities expand beyond traditional tablets and smartphones to include connected cars and virtual reality devices, funding for start-ups shows no sign of slowing.
But there is so much more to long term success than a great idea. While there are any number of people out there who can code an app, what about the underpinning infrastructure? Where is the data going to be hosted? How is customer support going to be delivered and, in any era of escalating concerns regarding the safety of personal data, what is the security strategy? Just consider a recently developed app designed to improve the life of people living with a terminal illness for example there may be sensitive information that must be safeguarded – imagine the outcry from their loved ones should information be compromised in some way.
When the vulnerability of weak and out of date security processes is revealed by another data breach virtually every week, no business can afford to overlook security requirements. Organisations’ reputations are being damaged and, with the forthcoming General Data Protection Regulation (GDPR) promising fines up to €20 million or 4% of turnover, whichever is the greater, few organisations will be able to afford a lackadaisical approach to security. So while it is tempting to try to rush a new app to market without looking at the full picture, overlooking the security requirements could result in business failure before the great idea has even got off the ground.
Yet for the vast majority of start-up organisations security remains an incredibly low priority – if it is even considered. As a result, many organisations are simply assuming that an app developer will have the skills to add on the required security solution. This is simply not the case. Can you really expect a coding expert to have the knowledge to successfully implement data encryption? Ensure firewalls are correctly deployed and updated? Or manage intrusion detection?
Robust app development requires a team with diverse skills ranging from business analyst to technical architect; front end developers, security experts, and, critically testers. With the recommended ratio of one tester to every two developers, a successful team will require a minimum of five people. And that is where a bespoke software development company that has spent years building up the right skills can ensure every aspect of the app development model – especially security – is addressed.
Furthermore, bespoke development specialists will follow a robust security methodology and have proven credentials by achieving security standards, such as ISO 27001 accreditation and Cyber Essentials Plus, the government backed scheme to improve the resilience of UK business. Under GDPR, these organisations will also bear responsibility for the safety of data – it is both the data controller (owner) and processor (such as a third party software provider) that will face the wrath of the regulator should a breach occur – and will have put in place robust processes to encrypt and manage data as a result.
The fact is that cyber security threats are an everyday occurrence in today’s digital world. In the rush to get an app to market, can any business really afford to short-cut security?