Enabling rapid innovation in the era of privacy, consent and trust
Agile development practices based on shared code reuse have been the hallmark of recent innovation efforts. Concurrently, DevOps practices have focused development efforts around incremental changes in product features which when combined with operational knowledge create a feedback mechanism which improves overall product quality. Injecting security practices into this cycle is a key component of any commercially successful product – due in large part to expectations consumers have around the security of their personal data.
One key aspect in our ability to innovate quickly is access to high quality building blocks and software libraries. While some libraries originate from commercial vendors, increasingly these libraries are community developed and freely available under open source licenses. Regardless of the source libraries, the overall security of any application is a combination of the security practices present in both custom code and these building blocks.
If we then introduce into this agile development paradigm built using third party components aspects of regulatory requirements, managing the security and privacy expectations our customers have becomes ever more challenging. This is precisely the world we find ourselves in with regulations like GDPR, CCPA, PIPEDA and the US Shield Act. Despite the perception that regulations like GDPR are focused solely on data breaches and breach reporting, the reality is that they express a strong opinion on how products and services are designed and should be secured. While each of these regulations has the laudable goal of improving how personal data is handled, complying with them requires a thorough review of both how software is developed, and any assumptions made throughout the software development lifecycle. Critically, this review needs to understand the lifecycle of the data in addition to any security practices implemented in a given application’s release. This is due in large part to the reality that the trust placed in an organisation by its users is a function of how well that organisation meets user expectations of privacy.
In this session we’ll look at privacy expectations set by a few global regulations and how they impact product design. The risk elements present at each stage of development from design through to release will be identified with an indication of which security tooling is best equipped to express an opinion on the overall security of the product during that stage of development. Attendees will leave with an increased awareness of the complexities of data management and how they related to user consent, privacy and the trust placed in the brand.