SDP (Secure Development Practices), ASRTM and UX Design: First Impressions


Secure Development Practices, with ASRTM Tools?

Organisations can deploy various SDP processes that contribute to a more secure infrastructure, or to the delivery of more secure outputs. Consequently, there are tools geared to enable these processes at particular stages of development lifecycles, or across them.

Application Security Requirements and Threat Management (ASRTM) tools are designed to help organisations deliver secure outputs. This includes designing software that has addressed or considered potential vulnerabilities, and is compliant with the regulation applicable to it.

Effective ASRTM processes allow dynamic identification of development requirements, resulting in more secure coding practices and architectural countermeasures. The dynamic attributes of ASRTM tools can provide notable benefits to organisations, as it is commonplace for threats and requirements not to be adapted to specific project application stacks, especially given industry movements toward agile and DevOps methodologies.

Gartner defines ASRTM as an “emerging” sector and expects a mainstream adoption period of 2-5 years. (Gardner and Catucci, 2020)

Does UX Design Need SDP?

Meanwhile, industries such as UX design are becoming much more complex. Therefore, tools that promote the ability to work collaboratively in design teams are more valuable than those that assist with individual tasks. (Teixeira and Braga, 2020)

Regulations such as GDPR and CCPA mean that designers need to consider transparency within information architecture. UX designers need to “make sense of the bigger picture of a product’s information environment - rather than solely focusing on its interface.” (Teixeira and Braga, 2020)

As such, SDP in UX design will likely see the highest benefit where it is geared to address situations of collaboration within SDLCs (Software Development Life-Cycles), and where it can help developers understand the structures underlying the experience that could be neglected in a limited environment.

A Potential Solution?

ASRTM tools may provide a way to enable SDP in UX design lifecycles. As ASRTM outputs are dynamic, they are geared towards agile development methodologies, which are common in UX development life-cycles.

In conclusion, there may be scope for ASRTM tools to capture emerging UX design requirements, particularly around issues of information architecture. We further confirmed this in a recent interview with a UX designer at LUSH Digital, who described how security perspectives of information architecture are overlooked, which in some cases resulted in projects moving backwards along the pipeline to resolve issues not identified sooner.

Perhaps ASRTM outputs could provide tangible benefits if deployed within UX design environments?

Contact Information

Thanks for reading this far. If you have any questions or thoughts about this post, feel free to let me know at luke@netpaladin.co.uk.

References

Teixeira, Fabricio, and Caio Braga. “The State of UX 2020.” UXdesign.cc, 2020.

Gardner, Dale, and Frank Catucci. “Hype Cycle for Application Security 2020.” Gartner, Mark Horvath, July 2020.