How to build better trust standards to implement security by design

Authors: Roland Atoui & Isaac Dangana

Introduction: Bridging the gap

Everyone wants Security by Design, but few are able to make it a regular practice over time. The reasons why enterprises are unable to achieve this lofty ideal are many and varied but this article will focus on one of the very common reasons linked to this inability and the perceived inadequacy of trust standards in supporting teams to achieve security by design. The real difficulty is how to bridge this gap, between standards and practicability of security by design principles in enterprise environments. It’s about turning good intentions into everyday engineering habits that ensure timely delivery, minimize risk, and build trust with customers and regulators.

Across Europe and beyond, national cybersecurity agencies promote security by design as best practice for developing digital products. For example, the national cybersecurity agency of France, ANSSI has as one of its missions “..to regulate the quality of products with digital elements by promoting security by design and by default…” while the BSI (Germany), the NCSC (UK), and other countries also consistently support secure-by-design thinking in various official documents on their website. The message is clear: trust is built in from the start, not added at the end.

Core concepts and definitions

Trust is that quiet confidence you have when you can say: “Even if attackers try the obvious, and the non-obvious, this product will behave the way we expect.” It’s not optimism. Its confidence is anchored in reality, shaped by the threats that matter for this product.

But confidence doesn’t appear by magic. It needs receipts. That’s where assurance comes in: the trail of evidence you can put on the table such as the test results, security reviews, measurements, penetration test reports, certifications or reproducible build records. Assurance is what turns “we think it’s secure” into “we can prove it’s secure enough for this context.”

Now, nobody can prove “perfect security,” and teams don’t have infinite time. So they need a compass for decisions which we call “risk”. Risk is the lens that ties security back to the business covering what could go wrong, how likely it is, and what it would cost in terms of financials, operations, legals or reputation if it happens. Risk is what helps teams decide where to invest deeply, where to keep things simple, and what trade-offs are acceptable.

This is exactly why Security by Design is not a phase you “do” before release but it’s a way of building. It means imagining the threats from day one, and letting that shape the product’s architecture, interfaces, defaults, and controls. It’s proactive, not reactive: designing so that common mistakes are hard to make, sensitive paths are protected by default, and the system stays resilient even when something unexpected happens.

And because good intentions fade under delivery pressure, organizations need something that makes this repeatable. That’s the job of trust standards which is a practical playbook of principles, rules, tools, and measurements that turns security into a consistent engineering habit across teams, products, and time. Trust standards are what keep “security by design” from being a slogan and make it a system the organization can run, audit, improve, and scale.

Software Development Life Cycle:

A digital illustration of the Security-Aligned SDLC Infinity Loop, depicting the phases: Plan, Design, Build, Test, Release, and Operate, with icons for Risk Appetite, Threat Modeling, Auto-Verification, and Detect & Respond.

The software development lifecycle (SDLC) is a structured process used by development teams to design, build and deploy high quality software in the shortest time and lowest possible cost. This is why SDLC is the gold standard among enterprise software developers as it ensures that teams consistently deliver quality software within the time and budget parameters defined by the organization.

In enterprise software development where diverse reasons like regulatory, legal or financial, etc; converge in requiring high quality software, development teams are constrained to develop methods of collaboration that ensures all moving parts of the process function seamlessly to “industrialize” the development process. This is where the SDLC shines best. A well run SDLC will ensure that management backing, governance policies, coding standards, risk appetite, etc are taken into account and secured at the planning stage, while the requirements stage covers the identification, sorting and prioritization of functional, and non-functional requirements. The design stage considers the product’s technical feasibility and proposes an architectural solution that meets the expectations as expressed in the requirements. Next is the implementation stage where the software is developed according to the design specifications. This is followed by the validation stage that compares requirements, design and implemented software to be sure what was conceived is what was produced. The release and deployment stages ensure that the software goes to the market in an orderly manner and that the development teams are able to maintain the product after it is put to use in the user’s environment. Depending on the culture and preference of an organization the model that will be used in implementing these stages may vary (such as agile, iterative, etc) but the stages mentioned above remain largely the same.

The organized structure of an SDLC makes it the ideal delivery mechanism for security by design because it embeds security requirements, architecture, verification and feedback loops into each phase so that security is baked into the paradigm of high quality, shortest time, lowest cost. Looking closely at the 10 principles of security by design, you will notice the close alignment with lifecycle thinking. Each principle maps to a phase of the software development life cycle and to the artifacts teams should produce. :

Plan: risk ownership, risk appetite, obligations (principles 1 and 3).
Design: usable controls, flexible architectures, threat modeling to minimise attack surface and layer defenses (4, 6, 7, 8).
Build and test: product due diligence, automated verification, and continuous assurance (2, 9).
Release and operate: detect‑and‑respond, change safely, retire components securely (5, 10, plus 7’s secure retirement).

Trust Standards

Trust standard is the practical framework including principles, rules, tools, and measurements that directs how an organization provides security consistently. The challenge in enterprise environments is often traced to the fact that trust standards are handled as an exclusive reserve of security teams who are charged with ‘policing’ the implementation of security, often to teams that understand very little or do not care about security. Oftentimes, security is seen by development teams as a rigid, time consuming activity of ticking a list of checkboxes as demanded by the security team. This creates an atmosphere of sub-optimal collaboration and dissatisfaction with the quality of the developed product. The solution lies in developing a security-aligned SDLC that operationalizes the security by design principles by making security inseparable from delivery.

What most trust standards still miss is not ambition, but testability and accountability. A standard that says “implement secure authentication” or “protect sensitive data” is directionally correct, but it doesn’t reliably change engineering behavior unless it also defines measurable outcomes, acceptable evidence, and repeatable evaluation methods. This is where standards should evolve from principle-only documents into operational specifications including profiles per product type (e.g., connected consumer device vs. industrial gateway), explicit assurance levels (what “good” looks like at baseline vs. high assurance), and clear verification hooks (what must be unit-tested, integration-tested, pen-tested, fuzzed, formally reviewed, or continuously monitored). In practice, the most effective trust standards include a compliance contract between security and product teams so assurance becomes a by-product of delivery rather than a last-minute scramble.

Finally, a missing but decisive dimension is that standards are also economic and geopolitical instruments, not just technical documents. When trust standards are well-designed, they reduce ambiguity in procurement, accelerate partner onboarding, and lower the cost of compliance by giving everyone a common language and this is exactly why they become levers of competitiveness and resilience. But that influence cuts both ways. Indeed standards can be captured, used to shape markets, or embed specific technology choices that advantage particular ecosystems. That is why “building better trust standards” also means designing fair governance (transparent decision-making, balanced representation, SME-friendly participation) and ensuring interoperability and implementability (reference architectures, open test suites, and clear mappings to regulatory obligations). In other words, the best trust standards don’t just define security controls but they also create the conditions for adoption at scale, across supply chains and across borders.

Portrait of Roland Atoui, a cybersecurity certification expert with over 17 years of experience, smiling and wearing a blue shirt, next to a brief description of his professional background in cybersecurity and IoT.

TrustForge.pub