Shift to Security
Designing security into code is a lot like designing security in a house, Marilyn Barrios (ITM, M.A.S. ITM ’18) says. Each door, window, and any other point of entry must be secured. But these security measures aren’t considered after the house is built. They are embedded in the initial design of the house.
Barrios says a similar philosophy is shifting the way that code is being written for Motorola Solutions’ products and networks.
“The shift is thinking of security by design,” says Barrios, head of Motorola Solutions’ application security team. “It’s foundational in the code and not an afterthought.”
Barrios ensures that this philosophical shift is at the forefront in the development of the company’s networks, devices, and services as she oversees the company’s global engineering and implementation of cybersecurity best practices.
Attackers target code in order to find vulnerabilities. As more code is being exponentially exposed through connected smart devices, the urgency to shift cybersecurity philosophy to the foundation of code writing has been amplified. In the past developers had focused on writing code that makes the software operate, and then turning that code over to cybersecurity experts, who would run the code through diagnostic tools to find security holes. The code would have to go back to the programmers for repairs. It was a slow and burdensome process.
Barrios’s solution was to give programmers access to the diagnostic tools, so they could run a diagnostic after bits of code are written. These diagnostics detect vulnerabilities earlier in the development process, and fixes can be made more efficiently. It also prevents programmers from making the same mistakes as they get deeper into the code.
“Everyone has a security responsibility now,” Barrios says of a development team. “Everyone who touches our products and services has to ask, ‘What is my responsibility?’ It is my job to make sure that our software developers are deputized in security.”
This story was featured in the spring 2022 issue of Illinois Tech Magazine. You can.