I’m only in phase 1 of my project. Why do I have to consider security now?

Project cycles today focus on short term accomplishments to better deploy functionality while keeping the business running. Overall, this increases the probability for project success. Security requirements have long been associated with compliance, and thus have been considered long term goals. One of the reasons for this is because compliance is commonly assessed on a 6-month or annual basis, and then corrections are made.

In recent years, however, compliance and security have been evolving to include continuous monitoring, meaning security measures are largely in place and the process for evaluating them has matured. Changes to systems and the network environment are more likely to be controlled, and user access reviewed regularly.

This means that while your project may be creating new functionality or implementing new systems, these changes may need to ‘fit into’ an overarching security foundation and framework already in place. And, of course, if you don’t reach out now to determine what the requirements are, you will be setting yourself up for potentially costly rework later when the regular compliance assessment is completed.