By Volker Schütz
The first lesson to learn about product security is that security is not a chip in the upper left part of your design. It is nothing you buy as a "fire and forget" solution. Security is a process. You need to consider it during your first design ideas, and you still need to consider it when the product is in its maintenance phase. At each stage you can easily ruin your security system completely.
The second lesson to learn is to list the possible threats and to decide which of those you want to protect against and which not. This is hard to understand, especially for people not deeply involved in the security area. "Why should I allow a certain attack?" or "Can't I just have a secure design?" are typical questions which arise. The lesson is that security is a trade-off between having secure designs and not spending too much money, time and resources. Finding the right balance is the key to having products with an acceptable time-to-market and budget on the one hand and a secure design protecting against the most dangerous attacks on the other hand.
The last lesson is that security by obscurity doesn't work. First, your enemies will find out what you have done anyway; you can't keep your security features secret. Second, if you just have a small men-in-black security team designing obscure security features, you miss the chance to have your whole security system reviewed and audited by enough experts to find the weak points before the attackers do. Share your design; let it be reviewed by many experts.
Following these three principles is no guarantee of a secure product. There are many other pitfalls, and the attacker only needs to find one of them, whereas the product owner needs to know and prevent all of them. This is clearly an unbalanced game. But when playing it with the right team, you definitely have a chance to be successful with your product!