A Look at Software Security in the Midst of Digital Transformation

Software is at the core of digital transformation. In today’s enterprises and tomorrow’s smart Industries, software is key to improving operational efficiencies, enabling successful convergence of IT and OT in the Industrial IoT, and the underpinning of emerging technologies like blockchain and artificial intelligence. Nonetheless, the continued impact of software in the burgeoning digital economy will ultimately depend upon its trustworthiness, which makes the role of cybersecurity a lynchpin for success or failure across business, industry, and government.

BSA, the leading advocate for the global enterprise software industry, laid out its cybersecurity agenda in a recently published report, Strengthening Trust, Safeguarding Digital Transformation.

In the report, BSA pointed out that “it is imperative that enterprises and policy makers consider cybersecurity from the outset, as well as how these technologies can support broad and inclusive growth, as they develop and deliver the secure products and services that improve our lives.”

BSA outlined five priorities they believe necessary to make the critical improvements in cybersecurity for the future. Let’s take a look:

1. Robust Software Security: Managing software security risks must be an ongoing process, as malicious actors continuously fine tune their tactics to cause disruption and wreak havoc. The BSA says that evaluating software and application security requires continuous improvement that considers the development process, built-in capabilities, and lifecycle management. The process should also include partnerships with industry and government to create laws and policies geared towards addressing cybersecurity risk management.
2. Cybersecurity for Emerging Technologies: Emerging technologies require a strong cybersecurity foundation so their transformational benefits can be realized without serving as entry points for cyberattacks. The BSA supports laws and policies that allow for innovation as well as concrete cybersecurity improvements, leveraging automation to enable cybersecurity experts to focus on high-value tasks more effectively and managing cybersecurity risks to the supply chain through a comprehensive approach incorporating best practices and international standards whenever possible.
3. Modernization of Government IT and Cybersecurity: Governments must focus on improving their own IT and cybersecurity for the benefit of the entire cybersecurity ecosystem. For that purpose, BSA says governments should make long-term investment in cybersecurity. Improvements can be made by migrating to cloud services and implementing strong identity and access management practices. Furthermore, investments should be made in state and local governments to sure up their cybersecurity while streamlining procurement processes and requirements to eliminate those that create undue burdens or do not covertly advance cybersecurity.
4. Interoperable Cybersecurity Laws and Policies Across Borders: Governments must ensure that new laws and policies do not constrain an organization’s ability to invest in cybersecurity improvements or create barriers to trade.
5. An Effective Cybersecurity Workforce: BSA notes that it is critical to develop an effective cybersecurity workforce by broadening opportunities, improving training programs, and expediting the development of a diverse workforce. Apprenticeships, community challenges, boot camps, and the like can all serve to provide the workforce with high-demand cybersecurity skills that will be needed to secure the future.

Wibu-Systems has been an evangelist and champion for cybersecurity for more than three decades and fully supports BSA’s tenets for the future of cybersecurity, particularly in the midst of global digital transformation. In a connected industrial world, we believe that a security-by-design approach is the cornerstone of secure infrastructure. Security-by-design leaves nothing to chance as a system is created free from vulnerabilities from the start.

There are many best practice documents and security frameworks available for designers to reference today that will help put security-by-design into practice. BSA points to their own approach to secure software development in their BSA Framework for Software Security document. From our side, we collaborate with several industry associations, such as the Industry IoT Consortium, to share our security expertise in the creation of best practices, reference architectures, and security frameworks for industry-wide consideration. You can find some of those documents, like the Industrial Internet Security Framework Technical Report, Software Trustworthiness Best Practices whitepaper, and others, on our security resources webpage.