Google strongly supports the push by federal cybersecurity officials to build resilience into products during the design phase, hailing secure by design or default principles.
The goal is for developers to mitigate vulnerabilities and other flaws from the product’s creation so customers would not be exposed to flawed products during the installation process, the company said in a blog post Monday.
The Google support comes just weeks after Jen Easterly and Eric Goldstein from the Cybersecurity and Infrastructure Security Agency penned an op-ed calling for the industry to step up efforts for more security as part of the development process.
“We think they’re right,” Kent Walker, president of global affairs and chief legal officer at Google and Alphabet, and Royal Hansen, VP of engineering for privacy, safety and security at Google, wrote in the blog post. “It’s time for companies to step up on their own and work with governments to help fix a flawed ecosystem.”
Ransomware has proliferated in recent years as hackers take advantage of pre-existing vulnerabilities, insecure software, architectures that can’t be defended and inadequate investments in security, Walker and Hansen said.
Google has taken some early steps to raise the security protocols on its platform. Since 2021, the company has turned on 2-step verification by default for online account holders and has built the second factor into its phones, according to the blog.
“With society’s increased reliance on technology throughout all aspects of life, it’s vital organizations of all kinds adopt a secure by design approach to the development of products and services,” Dale Gardner, senior research director at Gartner, said via email. “We see literally countless costly examples of what happens when features and functionality are prioritized at the expense of security and safety.”