Cyber security and privacy issues, such as safeguarding data and user identity, are hot-button topics at the moment. Hardly a day goes by where we don’t hear about vulnerabilities, data leaks and malware, and there’s no indication that these issues will be less important in coming years. As a product manager, you’re primarily concerned with innovating, satisfying your customers and ensuring the continued success of your product and business. And rightly so. However, just because the words “security” or “privacy” aren’t in your job title, doesn’t mean they’re not relevant to your job.
Far from being just another set of Nonfunctional Requirements (NFRs) for your product, cyber security is an essential system quality that determines the usability and effectiveness of the entire system. Whether you take a reactive or proactive approach to security engineering depends a lot on your product and its maturity. Yet, no matter how fundamentally important cyber security is, or how inevitable an attack might be, it can be challenging to make security a priority.
Why focusing on cyber security can be a challenge
We all know the drill. You’re racing to develop your MVP, and time is of the essence. Often, you simply don’t have the time or bandwidth to pay attention to possible data leaks or breaches. Finding a product-market fit is the most pressing issue at hand.
Then, once your product has launched and is gaining traction in the market, your focus shifts to product growth. Cyber security becomes even easier to neglect. While this strategy may work in the short-term, it could backfire in the long-run. Sooner or later, you’ll have to address cyber security. If you wait until a breach happens, the consequences could be everything from rewriting your entire product to revenue losses and dissatisfied customers. Is that a risk you’re willing to take?
The longer you wait, the greater the cost
As a rule of thumb, there is an inverse relationship between the cost of implementing a cyber security solution and the product maturity lifecycle. The further along you are with your product, the higher the cost of implementing any cyber security solution from scratch. And the steeper the fines you might have to pay. If you don’t want to end up on the list of the worst security lapses, make sure you plan and prioritize cyber security issues.
For example, give security tasks top priority in your backlog and incorporate them into each development sprint. You should include cyber security as a must-have point through your entire scope of work right up until the endgame. Cyber security should also be a key part of your agenda and included in your regular updates to senior management.
And as an additional help to get you started, here’s a list of items to keep in mind when building secure systems for your company’s products.