Security by Design: the 3 Main Principles


In every product, app, system or connected object, security is a key concern. This year's International Cybersecurity Forum theme is security and privacy by design. In this context, Gatewatcher decided to explain 3 main principles of security by design, with our insights and experience.

Principle n°1: Minimise attack surface area

The attack surface represents all the entry and communication points that an information system exposes to the outside. It can be software-related (OS, libraries, read/write access), network-related (open ports, active IP addresses, network flows, protocols in use), human (phishing, social engineering) or physical (such as an intrusion inside the building).

An information system with a wide attack surface is more vulnerable to attacks, because filtering and control measures are more complex to set up and to organise. Once all entry points on the attack surface have been identified, advanced surveillance and protection tools need to be implemented. For very exposed systems, it is advised to perform regular security analyses.

Among the possible solutions to reduce an operating system's attack surface, hardening is a well-known but too rarely applied principle. It involves identifying the components that are unused or rarely used on the system, then closing the corresponding services and ports to limit the possibilities of remote interaction with the system. This principle has been applied in the design of our APT detection probes.

Principle n°2: Least privilege

According to the French Cybersecurity Agency (ANSSI), this principle specifies that an administrator only has access to the administrative zones for which he has an operational need, with no technical possibility of accessing another zone. In the specific case of the most privileged rights on the directory, only the information system administrator can access them.

This principle is inseparable from security by design. A clear distribution of tasks, roles and rights ensures that the environment is partitioned. Once the least privilege principle is implemented, it is more difficult to compromise a subsection of the environment because its attack surface is significantly reduced, and even if a subsection is compromised, the attack will only have limited consequences. Applying this principle from the design stage goes hand in hand with the idea of role partitioning.

Gatewatcher graphic - Gcenter and Gcap operation: roles and the tasks allowed to each.
  • Operator: alerts consultation, IOC research, forensics.
  • System administrator: roles creation, rights management, probes and appliances setup.
  • Local administrator: alerts and system logs consultation, feedbacks activation/disabling.
  • Auditor: alerts consultation, probes logs consultation.
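The role partitioning above, as an added example that is not Gatewatcher's own code: a deny-by-default authorisation check over the four roles, plus two helpers a reviewer can use to spot rights held by more roles than necessary. The role and action identifiers are assumptions chosen to mirror the list; a real product uses its own.

```python
# Added example, not part of the original article or of Gatewatcher's products.
# Role and action names are assumptions that mirror the list in the graphic.
from typing import FrozenSet, Mapping

# Each role is granted only the actions it has an operational need for.
ROLE_PERMISSIONS: Mapping[str, FrozenSet[str]] = {
    "operator": frozenset({"consult_alerts", "search_ioc", "run_forensics"}),
    "system_administrator": frozenset({"create_roles", "manage_rights",
                                       "setup_probes", "setup_appliances"}),
    "local_administrator": frozenset({"consult_alerts", "consult_system_logs",
                                      "toggle_feedback"}),
    "auditor": frozenset({"consult_alerts", "consult_probe_logs"}),
}


def is_authorised(role: str, action: str) -> bool:
    """Return True only if the role explicitly grants the action.

    Unknown roles and unknown actions are denied: nothing is granted
    implicitly, so compromising one role gives no reach into another zone.
    """
    return action in ROLE_PERMISSIONS.get(role, frozenset())


def roles_granting(action: str) -> FrozenSet[str]:
    """Roles able to perform an action.

    Reviewing this for sensitive actions (e.g. manage_rights) shows whether a
    right is held by more roles than the partitioning intends.
    """
    return frozenset(r for r, perms in ROLE_PERMISSIONS.items()
                     if action in perms)


def overprivileged(role: str, needed: FrozenSet[str]) -> FrozenSet[str]:
    """Actions a role holds beyond what a given duty actually needs.

    A non-empty result is a least-privilege finding worth reviewing.
    """
    return ROLE_PERMISSIONS.get(role, frozenset()) - needed
```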

Principle n°3: Defence in Depth

The expression « Defence in Depth » comes from a military technique whose purpose is to delay the enemy. Defence in depth consists of using several security techniques in order to reduce the risk when a component is compromised or defective. So that security relies on a consistent set of measures rather than on a single element, threats must be opposed and countered with coordinated and independent lines of defence. Like a gate, each security layer must be monitored, protected and covered by a reaction plan in case of incident. To set up this defence in depth, we recommend the following steps:
  • Determine security goals in order to build a defence in depth strategy,
  • Elaborate the organisation and the general architecture of the system in order to define the control and evaluation points,
  • Elaborate the defence policy,
  • Qualify the system regarding the defence in depth criteria,
  • Evaluate the defence, both permanently and periodically, against attack methods and feedback (control and audit).

Of course, putting these 3 principles into practice during the design phase of an application, a system, a connected object or a piece of software does not guarantee its resistance to attacks or intrusions.

The security by design approach needs to be widened beyond the design stage. It must be included throughout the product life cycle and must be a shared concern for all parties involved in the product's development.

By Jacques de La Rivière, CEO Gatewatcher
