Security is at its heart

Our Senior Developer, Richard Thomas, reflects on his time so far at Castrum...

by Richard Thomas

Whilst reflecting on my first few months with Castrum, which have gone in a flash, several things stayed in my mind.

The first is that feeling when joining a new company and the steep learning curve that we all have and wanting to get up to speed as quickly as possible. Second, how rewarding it can be working with other professionals who are truly passionate and care about what they are delivering to customers and have retained that passion over many years. Finally, how here at Castrum, Security is at its heart.

Being a more ‘experienced’ developer, I have worked on many projects within more than a few companies, where typically, security is seen as something to add after the basic functionality has been written. A security layer is added to act as a mythical gate keeper to keep the underlying systems and data safe. However, if this is penetrated then often no other security restrictions are imposed or checks made. Does this sound familiar?

Security needs to be incorporated into solution design from its very early stages. When security is part of the initial concept then it is built to minimise damages, rather than trying to close vulnerabilities as an afterthought. Use the 3 Core pillars of information security as a guide.

Confidentiality – only allow permitted users access to data for which they are permitted

Integrity – ensure data is not tampered or altered by unauthorised users

Availability – ensure systems and data are available to authorised users when they need it

When thinking about writing an application, or amending functionality of an existing one, considering each pillar in turn will assist in producing a robust security control. The best system designs and design documents contain security discussion in each and every feature, how the risks are going to be mitigated, and what was actually done during implementation and testing. By developing systems in this way, security becomes embedded, security is at its heart.

Download security overview >