16 mar 2020

Security by design: 5 keys to Barco product security

3 min di lettura

As a responsible technology leader, Barco wants to be sure that the products you use are safe and in no way pose a risk for your data privacy. It’s one thing to use products in a responsible and safe way, but how does Barco make sure that the products it develops are secure in the first place?

Multiple layers of security

Barco takes product development security very seriously. Throughout our development cycle, we constantly challenge how robust our products are by applying a wide range of techniques, such as threat modeling, vulnerability scanning and penetration testing. In addition, we apply a strategy of ‘defense in depth’, which means that we build multiple layers of security into our products, aiming at controlling the impact of a security breach. If one line of defense is compromised, then there are other layers that will be able to withstand the threat.

You will constantly have to fight product security issues, so we think it is better to consider security from the very beginning of the product development process. In this article, we’ll show you our philosophy about product security, which consists of five main themes.

5 keys to keeping Barco products secure
#1 Secure development life cycle

From product idea to design, and from development to product release, each stage of the product development life cycle has security built in and addresses all possible security compliance requirements. Barco works according to the ‘shift left security’ principle, meaning that we are moving security practices to as early in the development cycle as possible. This helps us to avoid or resolve possible issues sooner, even before a product is fully developed.

#2 Implementation of security controls

Barco product teams work closely together with security experts to make sure that security in developed products is watertight. Via a constant interaction between security and development experts, both our processes and the technical implementation of our products are constantly monitored and finetuned in function of possible cyber security risks.

#3 A secure organization

If you want to develop secure products, then it is critical that you have secure people and processes in place as part of your organization. For example, Barco development teams always have a dedicated security champion, someone who is responsible for being the critical voice for all things security and privacy. Security in the organization is the centerpiece of our product security philosophy.

#4 Training and awareness

As new cyber threats are becoming more and more complex, cyber security technology evolves as well. In order to be ahead of the curve, Barco continuously educates its employees – both technical and non-technical staff – on security protocols and how they can improve security in their day-to-day job.

#5 Certified organization and processes

Barco has obtained the ISO/IEC 27001:2013 certification for ClickShare, which means that our company is properly executing information security management on all processes defined in the scope of that certificate. With the ISO 27001 certificate covering ClickShare, Barco is showing that the processes and infrastructure that help develop ClickShare are secure.

At the same time, we are fully aware that product security is a continuous improvement process. So, when needed, our strategy can be adjusted in light of the continuously changing cyber security threat landscape.

What happens after the product is launched?

Product security only starts when a product is launched. Barco continuously updates its products based on its product roadmap and based on feedback from customers. We analyze all incoming feedback, then schedule and prioritize it accordingly.

We release quarterly software updates, but also updates on a more frequent basis depending on the type of technology or component. Cloud technology products for example will be updated much more frequently due to the more volatile nature of this technology. As our products are becoming increasingly connected, we are able to push automated updates for more and more of our products.

Our product security incident response team continuously processes feedback from our customers and from other security experts who are reporting possible vulnerabilities in our products. Based on how critical this feedback is, we put our development teams to work to solve the issue.

Keep your ClickShare secure

As a ClickShare user, you can take security in your own hands as well, for example by always installing the latest patches and security updates for your software solutions.

For the smoothest and safest ClickShare experience, we strongly recommend updating your ClickShare units to the latest ClickShare firmware.