Everybody has a role to play in keeping apps safe from hackers. It isn’t only the head of security or developers who are responsible, but product managers and UX researchers, too. End users themselves can even be educated to spot phishing emails and other attacks.
One of the main reasons for weaknesses appearing during app development is teams working in silo. So clear communications between teams is also vital.
Each business is different. But typically there are three areas that are involved in app development - product management, software engineering, and design. Here’s how each of them can take more responsibility for security:
Product managers don’t tend to think about security if they’re not working in a highly-regulated industry. But if their app is going to hold any personal or sensitive information, then they really should do. One crucial task for them is to make sure that different teams communicate clearly about security. They should get the sec ops team involved from the beginning, for example. And they should constantly be asking themselves how they’re going to handle user data responsibly.
It isn’t that developers don’t think about security. It’s more that it typically isn’t their primary responsibility. But ideally they should be asking themselves some key security questions at the same time that they’re developing the project architecture. For example, how can they store sensitive data securely? And how can they make sure the app is communicating with the right server?
The main objective for designers is to make sure that there’s consistency in design. They need to make sure that end users see the information that they expect to see at just the right time. And as with other areas of the business, communication is important. By talking clearly with other teams, they can make sure that the features they’re adding aren’t going to invite unnecessary risks.