The recent implementation of privacy labels in Apple’s App Store have ignited a new wave of discussions over privacy concerns with technology applications. Users now have greater visibility into the type of data that is collected, who that data is shared with and how it is used.
This new label system is not just a shift from lengthy and confusing privacy policies to accessible information for the layman, it’s an indication of a much bigger theme: the public’s changing expectations toward transparency and privacy.
Consumers and businesses are both more aware of security and privacy issues than ever before, and the slew of cyberattacks and breaches in 2020 truly solidified the understanding of consequence if these things aren’t done right. Expectations are no longer just about how companies handle security and privacy, but how transparently they communicate those protocols. Companies and developers must adapt to these changes or risk facing backlash from users and regulators alike.
Here are three things developers and companies can implement to build trust into their applications.
1. Go Open Source
Applications that are open source inherently display greater transparency, which provides better insight on the inner workings of the app and allows the technology to speak for itself. Companies can always claim that their software does not collect personal data or share information with third parties, but the reality is that people are more skeptical of technology than ever before after countless scandals and breaches that occur every year.
Making your platform’s code accessible allows outside developers to check that any security and privacy claims are met in reality. This practice of hyper-transparency can be taken another step with regular cybersecurity and code audits from security researchers and industry organizations for more in-depth analysis and certification.
One concern around going open-source is the risk of allowing cybercriminals to identify vulnerabilities in the application. However, open source also allows for the larger developer community to identify and report any flaws before they can be exploited. Overall, the security and transparency benefits of open source far outweighs the potential downsides.
2. Rethink Your Security Foundation
Without a proper security foundation, many platforms not only struggle to implement modern solutions rapidly, but they will also be at an increasing disadvantage as cyberattacks become more sophisticated. Failure to engrain security at a foundational level has led multiple companies, government and education institutions to effectively blacklist certain applications from use. Furthermore, poor security infrastructure can lead to a loss of development time and resources in the event that an application needs to remediate a major vulnerability or address privacy concerns.
A proper infrastructure overhaul is a huge undertaking, and many developers would need to backtrack or compromise on removing convenient features for better security. While many may not be willing or consider themselves able to do this, it’s important to keep an eye on the broader changing landscape. Cybercrime is expected to cost the global economy upwards of $10.5 trillion by 2025.
Cyber attacks are becoming more numerous and sophisticated, and governments are beginning to roll out stringent regulations — making the consequence of a security or privacy breach very costly. For developers who are still in the beginning stages of building their applications, it’s important to consider that those that are built from the start with a security-first infrastructure will not be forced to make such compromises and will be more capable of evolving and adapting to new security challenges.
3. Implement Zero Trust
It’s clear that there needs to be an overhaul in a lot of the ways companies and businesses operate in order to build a sense of trust with users. While the technical aspects of this — like implementing transparency through open source and security-first infrastructure — are important, it’s also critical to update the mindset and human-centric elements to safeguarding data and privacy.
One effective approach and strategy is adopting a zero-trust framework, a security model that assumes that all data, devices, apps and users inside or outside of the corporate network are insecure by their nature and must be verified before being allowed access. This methodology employs stringent protocols and includes tools such as multi-factor authentication, end-to-end encryption, identity-access management, orchestration and other comprehensive system permissions and safeguards.
The key component to zero trust is that it is a holistic strategy, involving both technical protocols as well as an overarching dynamic and hyper-vigilant mindset that is ingrained into how an organization operates and proactively defends against cyber threats. It requires a change in strategy at all levels of the organization, because one mistake by an employee can be exploited into a major cyberattack. Only a holistic approach that is based on infrastructures with these core principles can help meet the expectations of users and the cybersecurity challenges of the future.
Don’t Wait, Act Now
Implementing these measures should be an active effort — rather than a reactive response to a security breach or data-privacy scandal. Having an application that is open source, built on a secure foundation and supported by a zero-trust framework can help prevent or mitigate the next major cyberattack.
Trust is easily lost and hard to regain, which is why leaving these initiatives off until it is too late can be devastating and can appear as a disingenuous, reactionary and forced response. With countless competitors ready to move in to offer their own applications, protecting your reputation and the trust of your users must be a top priority.