Security by Design: Shifting a Common Concern to the Left

July 2, 2021
min read
Security by Design: Shifting a Common Concern to the Left
Security is an evolutional process that should be implemented on time and improved continuously. A Security by Design mindset will protect customers and their assets.


The Challenges of a Modern Society built on Software

Due to rapid increases in dependency on everyday products, services and processes in the underlying software, secure software development is an ever-growing topic.

Any well-established company’s reputation can be damaged by the most basic malicious attacks at the drop of a hat. Security has become one of the top priorities in software delivery over the last few years and is not something that can be added, nor a product that can be bought, but rather an evolutional process that should be implemented on time and improved continuously.


Security is about mitigating risk


When an organisation ignores security issues, it will most likely expose itself to risk by making large amounts of sensitive data stored in business applications, vulnerable to being stolen or tampered with at any time by hackers.

Risk is the likelihood that a threat can exploit a vulnerability, this being a weakness or gap in a security program that provides unauthorised access to an asset. Assuming that every business depends on information, information systems can expose it to attacks by exploiting vulnerabilities that take advantage of or cause damage to an organisation or individual. Situations that inflict reputational damage on an organisation will ultimately result in far greater losses than the direct cost of the particular event.

Security shall be tacked by all professionals - from project managers to operators involved in the delivery and operational processes. Every stage is part of a Secure Software Development Lifecycle, from design to development, testing and operation.

Security issues can be detected just as any other defect. In terms of bug fixing costs, the later they’re detected in the software development lifecycle, the higher the cost for fixing them, so implementing an adequate testing strategy earlier in the development lifecycle saves effort, time and money to fix security issues.


Application Security


Application Security (AppSec) refers to processes delivering more secure and resilient solutions by detecting potential security vulnerabilities in advance, from the Design to Deployment phases, and resolving them adequately.

AppSec encompasses secure:


Celfocus holistic approach to Application Security

Celfocus has a holistic approach to Appsec acting as an enabler and promoter of its clients’ Digital Trust.

Application delivery is much more than just coding, it’s a complex process involving different team member profiles: Product Owners, Project Managers, Analysts, Architects, Developers, Testers, DevOps and Security Analysts. These contributors’ work must be synced and aligned with Application Security best practices.


Secure Software Development Lifecycle

Celfocus has a holistic view regarding software development in which security plays a fundamental role. Teams are trained to ensure Security by Design - as the most effective approach to prevent code vulnerabilities and influence the overall product strategy by shifting-left security controls.

Four macro processes can be easily educed to help clarify this flow:

Shift-left security means setting up security controls throughout all delivery stages:




By acknowledging the importance of adopting a Security by Design mindset to protect customers and their assets, Celfocus approach to Application Security ensures that the following interconnected aspects are safeguarded:

Having these aspects under control allows organisations to avoid financial consequences, as well as losses in sales or fines, and maintain their reputation intact.



Written by
Download White Paper
Ready for a deep dive?

Security by Design