Pulling security to the left: How to think about security before writing code
2022-08-03 15:33

One approach to writing, building and deploying secure applications is known as security by design, or SbD. SbD took the cloud by storm after the publication of an Amazon white paper in 2015, and it is still Amazon's recommended framework today for systematically approaching security from the outset.

SbD is a security assurance approach that formalizes security design, automates security controls and streamlines auditing.

As you begin to define the infrastructure that will support your application, refer to your security requirements as configuration variables and note them at each component.

The last step in the security by design framework is to define, schedule and perform regular validations of your security controls.

It's crucial that you do your homework. If you find yourself subject to any of these additional security requirements, it may be worth contacting a security consultant who specializes in the particular controls needed, as violations often carry stiff fines.

Savvy CIOs are taking a proactive approach, pulling security conversations to the left, involving the entire business and embedding best practices in every step of the software development lifecycle.


News URL

https://www.techrepublic.com/article/pulling-security-left/