Improving the Security on Complex Software
When you’re building complex and custom software, there are always a lot of considerations such as the user experience, new features, and getting the software shipped as soon as possible. But, when you’re building software, it’s crucial to be aware of security.
To help sort it all out, we recently chatted with John Hightower on Aptera Live. He has a background in cybersecurity and currently works for a large government agency. Watch the full Aptera Live or continue reading to learn some of the main points.
Keep Security in Mind While You’re Building Software
When organizations are first building software, they typically just try to get the features out. Instead of thinking about security to begin with, they’re concerned with features and shipping the software.
“This actually happened to Facebook,” John said on Aptera Live. “When it first started out, you could hack Facebook easy.”
He went on to explain that Facebook was only concerned about increasing their user base and didn’t consider security. “You don’t think about security until you need security. Until someone says you have to have it or you get hacked.”
Instead of only thinking about security when you’re in a dire situation, John recommends thinking about security upfront. When you’re considering security while you’re building the software, you’re saving time, creating software that’s secure from the start, and avoiding a lot of rewriting.
The Risk is Never Zero
When you have software, it can never be completely secure — it’s all about weighing the pros and cons. You must weigh the cost of the software and its risk against the cost of not having the software at all.
“One of the things is zero is if you unplugged your network…So it’s never zero. The thing is, it’s like a bear’s coming, we both put our shoes on, I just need to outrun you. Because, if you’re easier to hack than me, my company could last,” John said.
While there is always risk with software, stay as secure as possible by doing your due diligence, not being negligent, and giving your business the information needed to make a smart decision.
Review Every Piece of Software
During Aptera Live, John stressed how important it was to check every piece of equipment. “That’s part of what I do is risk assessment for anything that comes into the agency, we review all software,” he explained. “Any software that’s on your network could be a risk.”
He went on to explain that a casino was hacked through a fish tank. The tank was on the network because they needed to track the pH of the saltwater. “That was their first entry point,” he explained.
Many companies are hacked through the HVAC unit, so make sure to review everything and keep it up to date.
Integrating Systems in a Secure Way
When you’re merging organizations, there are many things to consider while integrating the systems. John often has to do this in his job, and suggests thinking about three things: security, the fastest way to merge systems, and the cost.
“We go through it and think ok this is their product suite,” he continued. “This is what matches ours, this is what we think they can get rid of, this is what we think is vastly insecure, so we should never run it.”
In addition to those questions, he considers which software is the best, how long it will take to integrate the new systems, the best way to move the files, and so on.
Keep Everything Updated
Along with keeping your business secure, you should make personal security a priority. John says the biggest thing you can personally do is to keep everything on your network updated.
Most software updates include security patches, which helps immensely. “So I think that’s the, for me, that’s one of the number one hygiene, give me updates,” John said.