I’m an engineer by background, and one very common trait amongst software engineers is that they love to do things right. They want to create elegant, robust systems, and that includes making them secure.
Security evokes mixed feelings among product teams in tech businesses. Though a worthy goal, knowing where to “stop” with security is not straightforward (you can always find something to make you more secure…) and having confidence that the security fixes you’re applying are actually reducing the risk is also not straightforward.
Resources are limited, and engineers are there to design brilliant software and drive business growth. They don’t have the training or time allotted to discover, risk-assess and fix all the security vulnerabilities in your cloud environments and applications.
A threat model solves all this. As well as providing a blueprint and structure to this process of discovery, risk assessment and remediation, they capture security-related knowledge in one place. This enables effective planning and implementation of controls, rather than reactive and chaotic just-in-time fixes that stress everyone out and create technical debt.
This dual function enables different teams to communicate and collaborate on security, ensuring that everyone can work together, regardless of technical ability and know-how, and that decisions can be made in light of all available information.
Our approach to threat modelling puts business risk first. It’s easy for everyone to understand this no matter their position in the business.
Focussing on business risks serves two purposes:
First, it allows engineering and security to demonstrate to the business how security work connects to business outcomes. In other words, it showcases the value-add for security.
Second, it avoids limited security and engineering resources being spent mitigating low-risk threats (which would be a waste). Instead, that resource can be used to enhance the value security provides to the business by focusing on the reduction of more serious business risks.
Finally, different teams in larger organisations often end up being siloed and unaware of each other’s security risks and any mitigations in place.
Managing this can be incredibly hard for a central security team, and understanding where risks are is the first step to overcoming them. Threat modelling offers a full risk overview across an organisation’s technology estate. This enables easy identification of the level of risk at both a micro and macro level within your organisation and allows for a more cooperative approach to risk ownership and management between teams.
Threat modelling has huge potential in organisations where technology is in heavy use and where security is important to the business. I’ve seen it transform the conversation between engineering and security. I’ve seen it bring clarity and better, quicker decision-making, which leads to better products, better security and faster development.