Security is everybody's responsibility

Everybody has a role to play in keeping apps safe from hackers. It isn’t only the head of security or developers who are responsible, but product managers and UX researchers, too. End users themselves can even be educated to spot phishing emails and other attacks.

One of the main reasons weaknesses appear during app development is teams working in silos, so clear communication between teams is also vital.


Why it matters

  • When responsibility for app security is shared across the business, there's more accountability. People know they have a role to play. And they feel empowered because of it.
  • An enduring narrative is that of the head of security vetoing fun features just before launch. But when security is a constant consideration for everyone, innovation can happen alongside security.
  • Empowering end users to take some responsibility for their own security can help you to build trust with them.

What you can do

Each business is different. But typically there are three areas that are involved in app development - product management, software engineering, and design. Here’s how each of them can take more responsibility for security:

Product management

Product managers don’t tend to think about security if they’re not working in a highly regulated industry. But if their app is going to hold any personal or sensitive information, then they really should. One crucial task for them is to make sure that different teams communicate clearly about security. They should get the security operations team involved from the beginning, for example. And they should constantly be asking themselves how they’re going to handle user data responsibly.

Software engineering

It isn’t that developers don’t think about security. It’s more that it typically isn’t their primary responsibility. But ideally they should be asking themselves some key security questions at the same time that they’re developing the project architecture. For example, how can they store sensitive data securely? And how can they make sure the app is communicating with the right server?

Design

The main objective for designers is to make sure that there’s consistency in design. They need to make sure that end users see the information they expect to see at just the right time. And as with other areas of the business, communication is important. By talking clearly with other teams, they can make sure that the features they’re adding aren’t going to invite unnecessary risks.


There's a fine balance between security and usability