You wouldn’t drive without a seatbelt, would you?

Martin Mazur
tretton37

When the car became readily available, the number of traffic accidents and deaths started rising. This was only a natural consequence of more cars in movement. Yet since 1965, the year with the most traffic deaths in Sweden, the numbers have been in decline, even though the number of cars is on the rise. This is not by chance; it’s by design.

Today we see more software being used than ever before and it’s steadily on the rise. More interactions and transactions are done digitally than ever before and we see a steady rise in security breaches.

The automotive industry made a conscious choice to combat traffic deaths and raise security in their industry. In 1959 Volvo delivered the first car with a three-point seatbelt and subsequently made the new seatbelt design patent open and free in the interest of safety. This is relevant because 40% of all people who die in car accidents in Sweden today aren’t wearing a seatbelt.

Sweden is also one of the safest countries to drive in, mostly due to traffic safety education and investment from the government. In 1997 Sweden introduced “nollvisionen”, which states that nobody should get severely hurt or die in a traffic accident. While this is admirable, it’s probably not an achievable goal while still having traffic. It could become a reality if we ban cars, or don’t allow people outside at all. Of course, that is unrealistic, just like saying our software should NEVER have a security breach is unrealistic. However, the vision is admirable.

The most secure software is the software you never released or even wrote — however that software serves your business no purpose.

As we move into this new world, with more and more software being used for business-critical processes, it is important that we start outfitting our software with seatbelts. We need to cover the basics and make sure it’s easy for users to make secure choices. We also need to educate our users on the importance of security. Remember, the seatbelt is only valuable if you use it.

Furthermore, we need to stop negotiating security. Cars come outfitted with seatbelts and airbags. No amount of pleading or bargaining with a car manufacturer will lower the price of your new car by having them leave these features out. No serious car manufacturer would agree to this; it’s simply not worth the risk.

Why is it that software vendors think it’s ok? Why is it that clients feel security can be negotiated like a feature? There needs to be a stance by the industry where we don’t compromise on these things if we want to build a sustainable digital world.

You pay for the safety in your car and hope you will never need it — the security in your software is something you have to buy and hope you will never need. In the end, it’s only bad security that is visible, because good security never makes the news.

Our vision has to be that over time having secure software and acting securely should be as intuitive as having and putting on seatbelts. It’s still an effort but you do it automatically — for now, we need to make it top of mind and a conscious choice.

Want to talk more about security in software? Feel free to reach out!

Originally published at https://www.linkedin.com.

I work as CTO and general loudmouth at tretton37 with a huge passion for creating great teams and transforming the software industry.