6.1. Security and Privacy by Design#
6.1.1. Security by Design#
Security by design means weaving security considerations into every phase of the software development lifecycle. Rather than adding on protections at the end or fixing problems later, we anticipate threats and integrate defensive measures from the start and at every stage. This approach minimises:
the number of vulnerabilities appearing later in the process or after installation, and
future costs of fixing any discovered vulnerabilities
To achieve security by design, the software developer or developers need to:
follow a defined, repeatable development process, with security checks (such as design review and security testing) built into each stage rather than left to the end
adopt a culture of security
Adopting a culture of security means that developers place security as one of the main priorities of any project and proactively take steps to ensure it.
Cryptography and Sandboxing#
Two common techniques that support security by design are cryptography and sandboxing.
Cryptography helps protect data and communications by making information difficult to read, change, or fake without the correct keys or checks. In secure software, cryptography can be used to:
encrypt data in storage or while it travels across a network
store passwords as cryptographic hashes rather than plain text
verify that messages, files, or certificates have not been tampered with
support secure communication protocols such as TLS
Cryptography is powerful, but it must be used carefully. Developers should use well-tested libraries and protocols rather than inventing their own encryption systems.
Sandboxing limits what software can access or affect while it is running. A sandbox gives code a restricted environment, so if that code is malicious, buggy, or compromised, the damage is contained. Sandboxing is used in many places, including:
web browsers, where each page or tab is limited in what it can do to the user’s device
mobile apps, where one app should not freely read another app’s data
online code runners, where student or user-submitted code should not control the host system
containers or virtual machines, where server software is isolated from the rest of the system
Sandboxing does not remove the need for validation, authorisation, testing, or updates. It reduces the impact when something goes wrong.
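The online code runner case shows the idea at its smallest scale. The added example below (Python, written for this page rather than taken from it) contrasts handing user text to `eval()`, which gives the user the whole interpreter, with an evaluator that walks the parsed syntax tree and accepts only arithmetic. The whitelist of node types, the exponent cap and the input length limit are this example's own choices. It is an application-level restriction that illustrates the principle of a constrained environment; it does not replace OS-level isolation such as containers or virtual machines, which the text also lists.

```python
import ast
import operator

# Operators the restricted evaluator will perform. Everything not listed here
# (calls, attribute access, subscripts, imports, comparisons, ...) is refused.
_BINARY_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod,
    ast.Pow: operator.pow,
}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}

MAX_EXPONENT = 1000  # assumed limit: stops 9**9**9 from exhausting CPU and memory
MAX_LENGTH = 200     # assumed limit on the size of a submitted expression


def unsafe_eval(expression: str):
    """The pattern to avoid: eval() lets input like
    "__import__('os').system('rm -rf /')" run with the host's privileges."""
    return eval(expression)


def safe_eval(expression: str, variables=None):
    """Evaluate arithmetic only, using a whitelisted subset of Python syntax.

    `variables` is an optional dict of names the expression may reference;
    anything outside it, including built-ins, is unknown to the evaluator.
    """
    if len(expression) > MAX_LENGTH:
        raise ValueError("expression too long")
    try:
        tree = ast.parse(expression, mode="eval")
    except (SyntaxError, ValueError) as exc:
        raise ValueError(f"invalid expression: {exc}") from None
    return _evaluate(tree.body, variables or {})


def _evaluate(node, variables):
    if isinstance(node, ast.Constant):
        # bool is a subclass of int, so exclude it explicitly; strings, bytes,
        # None and complex literals are refused as well.
        if isinstance(node.value, bool) or not isinstance(node.value, (int, float)):
            raise ValueError("only numeric literals are allowed")
        return node.value
    if isinstance(node, ast.Name):
        if node.id not in variables:
            raise ValueError(f"unknown variable {node.id!r}")
        return variables[node.id]
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_evaluate(node.operand, variables))
    if isinstance(node, ast.BinOp) and type(node.op) in _BINARY_OPS:
        left = _evaluate(node.left, variables)
        right = _evaluate(node.right, variables)
        if isinstance(node.op, ast.Pow) and abs(right) > MAX_EXPONENT:
            raise ValueError("exponent too large")
        return _BINARY_OPS[type(node.op)](left, right)
    # Any other syntax (Call, Attribute, Subscript, Lambda, comprehensions, ...)
    # is outside the sandbox and is rejected before anything executes.
    raise ValueError(f"disallowed syntax: {type(node).__name__}")


if __name__ == "__main__":
    print(safe_eval("2 + 3 * 4"))                                   # 14
    print(safe_eval("price * qty", {"price": 2.5, "qty": 4}))       # 10.0
    for hostile in ["__import__('os').system('id')",
                    "().__class__.__mro__", "9**9**9"]:
        try:
            safe_eval(hostile)
        except ValueError as exc:
            print(f"rejected {hostile!r}: {exc}")
```

The evaluator never executes the submitted text; it only interprets the small subset of syntax it recognises, which is what "restricted environment" means in practice. Note that the exponent cap is a resource limit, not an access control: even code that cannot reach the operating system can still deny service to other users if it is allowed to consume unbounded CPU or memory.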
6.1.2. Security Features in Software#
Security features are the parts of a software system that protect users, data, and the organisation running the system. They should be planned as part of the requirements, specifications, design, development, testing, installation, and maintenance stages, rather than added only after a problem is discovered.
Security features often overlap. For example, a login system protects data, but it also supports privacy and may help an organisation meet regulatory requirements.
| Area | Purpose | Example features |
|---|---|---|
| Data protection | Keep sensitive data confidential, accurate, and available only to people or systems that should access it. | Encryption, hashed passwords, access controls, backups, and secure deletion. |
| Security | Reduce the likelihood that attackers can misuse the software or disrupt its operation. | Multi-factor authentication, role-based authorisation, input validation, audit logs, and secure defaults. |
| Privacy | Give users appropriate control over personal information and limit how much personal information the system collects, stores, and shares. | Consent controls, privacy settings, data minimisation, retention rules, and clear privacy notices. |
| Regulatory compliance | Help the organisation follow relevant laws, standards, and policies. | Privacy policy support, consent records, audit trails, data access and deletion workflows, and breach reporting processes. |
The exact security features needed depend on the software’s context. A school booking system, an online banking app, and a public information website all need security, but they do not need the same controls. Developers should choose features based on the data being handled, the likely threats, the users’ capabilities, and the legal or organisational requirements that apply.
6.1.3. Privacy by Design#
Closely related to security by design is privacy by design. Modern web applications often handle sensitive data such as personally identifiable information and browsing history. By applying privacy by design, developers protect both users and their organisation from leaks and legal issues.
The Information and Privacy Commission of NSW provides a fact sheet on the key principles of privacy by design:
Proactive not reactive, preventative not remedial
Take a proactive approach, anticipating risks and preventing privacy-invasive events before they occur.
Privacy as a default setting
Automatically protect personal information in IT systems and business practices as the default.
Privacy embedded into design
Embed privacy into the design of any systems, services, products and business practices. You should ensure that privacy becomes one of the core functions of any system or service.
Full functionality: positive-sum not zero-sum
Incorporate all legitimate interests and objectives in a “win-win” manner, not through a “zero-sum” (either/or) approach. This will avoid unnecessary trade-offs, such as privacy versus security, demonstrating that it is possible to have both.
End-to-end security - full lifecycle protection
Put in place strong security measures throughout the “lifecycle” of the information involved. Process personal information securely and then destroy it securely when you no longer need it.
Visibility and transparency - keep it open
Ensure that whatever business practice or technology you use operates according to the stated promises and objectives and is independently verifiable. Make people fully aware of the personal information being collected, and for what purpose.
Respect for user privacy - keep it user centric
Keep the interest of individuals paramount in the design and implementation of any system or service. You can do this by offering strong privacy defaults and user-friendly options, as well as ensuring appropriate notice is given.
6.1.4. Glossary#
- Security by design#
Building security considerations into every phase of the software development lifecycle instead of adding protections at the end.
- Software development lifecycle#
The stages used to plan, build, test, install, and maintain software.
- Culture of security#
A development culture where security is treated as a main project priority and developers proactively work to protect the software.
- Security feature#
A part of a software system that protects users, data, or the organisation running the system.
- Sandboxing#
Running software in a restricted environment so it has limited access to the rest of the system.
- Privacy by design#
Building privacy protections into software from the start so users and organisations are protected from leaks and legal issues.
- PII#
Personally identifiable information. Data that can identify a person, such as a name, address or account identifier. Other data, such as browsing history, becomes sensitive when it can be linked back to an identifiable person.