The pressure to get an MVP to market quickly has tipped the scales in app development toward speed rather than security. As a result, security measures are often an afterthought. It’s not uncommon for the question of how to protect an app to be raised only in the days before launch.
But security can’t be implemented at the last minute. It has to be an iterative process: something that’s top of mind before development begins and stays that way throughout the product life cycle, even after the app is deployed.
An MVP helps you to get something to the market quickly and learn from it. But is it time we start talking about an MVSP instead? A minimum viable secure product? Because getting something out there that isn’t secure risks losing your customers for good.
Why it matters
- Retrofitting security just before launch doesn't really work. Vulnerabilities can creep into the code at different points along the development journey.
- Thinking about security much more often actually makes the work itself less time-consuming. It also helps you make smarter decisions about data structure, APIs, and user flow.
- You’re forced to think about your app from an attacker’s perspective. By figuring out the kind of data or code they’d be most interested in, you rethink how and where to store it.
What you can do
Build a risk model
A risk model is a by-product of stepping into the hacker’s shoes and identifying the data they’d be most interested in. You discover the threats your app is most likely to be up against.
Identify attack vectors
As you work through this risk model, you can also spot gaps before they become wide enough for hackers to squeeze through.
Make your security agile
Security that’s fit for purpose in the modern world is agile and iterative. Tagging some protection on at the end of the process just doesn’t cut it anymore.