Why Secure by Design Matters
The Secure by Design Mandate has become a cornerstone of ensuring robust cyber resilience across government organisations and their entire supply chains. It represents a shift from reactive measures to proactive integration of cyber security practices throughout the entire digital delivery lifecycle. This approach is not only critical for government departments themselves but also for all the suppliers—large or small—who are involved in delivering services to these organisations. From SMEs to large contractors, everyone within the supply chain is responsible for ensuring that security measures are integrated at every stage.
Outcome 9 of the Government Cyber Security Strategy
“…ensure that appropriate and proportionate cyber security measures are embedded within the technology government uses, and that the security of digital services is continually assured throughout their lifecycle.”
Commitment 11 of the Roadmap for digital and data, 2022 to 2025
“All new services shall comply with the common approach to Secure by Design”
With the UK government shifting to an outcomes-based security framework, continuous adherence to security principles is essential. At Nine23, Secure by Design is more than just a phrase—it’s the foundation of our approach to delivering digital services. While the concept itself isn’t new, our commitment to embedding security at every stage—from business case to design, build, operation, and disposal—sets us apart. Security is no longer a checkbox or afterthought; it’s an ongoing process that ensures the integrity of your services from start to finish.
Large regulated and compliant organisations that need to follow the Secure by Design principles, or are looking for suppliers who adhere to the framework, face several problems:
- It is a requirement to comply with the SbD principles
- Limited experience and maturity in applying the SbD guidelines
- Achieving and maintaining cyber resilience
- Behaviours misaligned with the target cyber culture
The Outcomes
In our Secure by Design campaign, we’ll be diving deeper into the Secure by Design approach. In the coming weeks, we’ll be sharing a series of thought leadership blogs, each focusing on one of the key principles, offering insights and practical guidance on how to integrate these into your organisation’s digital delivery processes. Stay tuned for expert perspectives on improving cyber resilience, fostering collaboration, and embedding security as a core business practice.
- Create Responsibility for Cyber Security Risk
- Source Secure Technology Products
- Adopt a Risk-Driven Approach (Coming Soon)
- Design Usable Security Controls (Coming Soon)
- Build In Detect and Respond Security (Coming Soon)
- Design Flexible Architectures (Coming Soon)
- Minimise The Attack Surface (Coming Soon)
- Defend in Depth (Coming Soon)
- Embed Continuous Assurance (Coming Soon)
- Make Changes Securely (Coming Soon)
The Importance for SMEs
Small and medium-sized enterprises (SMEs) play a vital role in driving innovation and growth within the UK economy. The government is committed to maximising spend with SMEs through supporting start-ups and small businesses. Therefore, the Secure by Design approach is particularly crucial for SMEs who play a critical role in government supply chains.
Recently, our CEO, Stuart McKean, had the privilege of chairing the TechUK Cyber Security SME Forum on the Secure by Design Principles, hosted by Fotini Tsekmezoglou from the Cabinet Office’s Central Digital & Data Office (CDDO). This forum was crucial in highlighting what Secure by Design means for SME members like Nine23, who are part of the UK Public Sector supply chain, and how it aligns with our ongoing commitment to secure digital delivery.
“We look forward to helping our clients, partners, and their entire supply chains integrate the Secure by Design principles into their operations. Ensuring that security is not just a checkpoint, but a continuous practice is key to protecting the broader ecosystem from emerging threats.”
Why Nine23?
Nine23 allows you to collaborate securely on sensitive data and interoperate cross-domain at high levels of data classification. We are proud to have recently been involved in a large Defence contract to enable them to operate and achieve assurance using the Secure by Design framework.
We draw on the expertise and outstanding reputation of BNS Cyber, one of only a handful of organisations certified by NCSC to provide Security Architecture and Risk Management offerings under the NCSC Assured Cyber Security Consultancy (ACSC) Service. Our customers have complete peace of mind that cyber security is not only embedded appropriately from cradle to grave but that it will also enable the mission, bolster business resilience, and improve data sharing between organisations.
This powerful partnership allows us to design and implement business-enabling systems that not only support your business and user requirements but also ensure that proportionate, pragmatic, and assured security controls are in place through the lifecycle of the system. The intent of the collaboration is to offer augmented Information Assurance and cybersecurity (advisory services) by integrating BNS Cyber’s consultancy services into Nine23’s delivery and managed service offering.