Chapter 2
OWNERSHIP OF SECURITY

While the need for security and compliance in edge devices is abundantly clear, from an organizational perspective, it begs an important question: Whose responsibility is it?

In many organizations, security has traditionally been siloed, either relegated to the IT department or considered a task solely for engineers on the product development team. This approach, however, no longer holds up in the context of edge devices and IoT ecosystems, where security risks are pervasive, multifaceted, and constantly evolving. Security in the edge environment requires a comprehensive, organization-wide approach, involving not just technical teams but also leadership, product managers, operations personnel, and even legal and regulatory teams.

Naturally, security ownership must begin at the highest levels of an organization. Executives and board members need to recognize that security is a core business function and not simply a cost center. This shift in perspective requires elevating security to a strategic priority and aligning it with overall business objectives. Executives should be actively involved in setting the tone for the organization's security culture, allocating appropriate resources, and ensuring that security is not sacrificed in the name of cost-cutting or speed-to-market strategies. Leadership should also emphasize that security is not an obstacle to innovation

"Incorporating security involves two critical factors: defining security requirements and conducting threat modeling. During the planning phase, companies should define security requirements alongside functional requirements. Early in the design phase, companies should identify potential security threats, attack vectors, and vulnerabilities specific to the product being developed."
Rasma Araby
Managing Director, atsec information AB
7 Experts Discuss Managing Security Risk and Regulatory Compliance at the Edge