The head of the nation's primary consumer protection agency on Wednesday paid a visit to San Francisco, where she called on technology startups to do a better job of incorporating security protections as they race to bring new applications into the market.
Federal Trade Commission Chairwoman Edith Ramirez's comments amplified the agency's "Start With Security" initiative, a program that aims to encourage businesses to prioritize cybersecurity as an integral part of their product development.
That effort is geared toward businesses across industries, though on Wednesday Ramirez was speaking directly to the tech world. In a remarkably short period of time, firms in that sector have introduced a galaxy of apps that help people chart their fitness, manage their money and communicate with their doctors and nurses, Ramirez noted. But with each new tool that collects or relays sensitive information, the security threats mount.
"The software revolution has left little untouched with tremendous benefits to consumers and society as a whole," Ramirez said. "But, in a world where everything is connected, insecure products and services can have significant consequences."
Ramirez emphasized the collaborative relationship the government is seeking to kindle with the tech industry as a partner in promoting security.
"Startups are not only an important engine of growth in today's economy, but also crucial partners in our efforts to keep our marketplace secure," Ramirez said.
Relations between the government and the tech sector have been strained following the revelations of the intelligence community's sweeping information-collection programs by former National Security Agency contractor Edward Snowden. In response, firms like Google and Apple have been working on strengthening their encryption features in an apparent effort to prevent the feds from accessing their systems, steps that top intelligence and law-enforcement officials have protested.
Ramirez did not address that dustup, but instead focused her remarks on some of the cultural and practical challenges that can put security on the back burner at fast-growing, cash-strapped startups.
She is calling on the tech community to embrace what is sometimes referred to as security by design -- the idea of incorporating some core security features at the earliest stages of development.
"In the rush to innovate, privacy and security cannot be overlooked, even in the fast-paced startup environment," Ramirez said. "Think about privacy and security as you design your product. Embed it into the development process."
FTC publishes guide with security tips for businesses
This week the FTC published a guide for businesses (available in PDF format) that outlines a number of security tips drawn from the more than 50 cases the agency has brought against firms involving data practices.
The FTC notes that each of those cases ended in a settlement outside of court, and the particulars varied from one case to another, but certain common shortcomings in the companies' security frameworks emerged. For instance, the agency is urging firms to place sensible access controls around the data they collect, to mandate the use of strong passwords, and to ensure that the third-party vendors they work with have reasonable security policies in place.