cyris360-framework

2. Cyber Risk Implementation

Traditionally, security engineering refers to keeping malicious actors away from your organization’s infrastructure. This is usually referred to as corporate security. Another aspect of cybersecurity emerges from the need to design, implement and release secure products, with an additional focus on security from the end-user’s perspective. Depending on your organization and the type of products delivered, these domains might partially overlap [1].

2.1 Corporate security

Regardless of whether your infrastructure is hosted in the cloud or on premises, there are some generic security considerations. When your infrastructure is hosted in the cloud, the shared responsibility model specifies the scope of each party.

The following activities are part of the responsibility of corporate security:

2.2 Product security

A product might be running entirely in your own environment (API/Online service), in an external environment (Offline mobile app) or a combination of both (Web application/Connected mobile app). In all cases, you need to adopt a secure software development lifecycle specific to your product portfolio. The main difference lies in the operation step.

The following activities are part of product security: