In the ever-evolving landscape of cybersecurity, staying ahead of threats is crucial. That’s why organizations are constantly seeking ways to enhance their security measures and protect sensitive data. Fortinet, a global leader in cybersecurity solutions, has recently implemented changes to their Secure-by-Design, Secure-by-Default standards that promise to take protection to a whole new level. With these updates, Fortinet aims to deliver unparalleled security features that not only defend against current threats but also future-proof networks against emerging risks. In this article, we will delve into the newly implemented changes by Fortinet and explore how they can revolutionize the way organizations approach cybersecurity.

Newly Implemented Changes to the Secure-by-Design, Secure-by-Default Standards - Fortinet.

In today’s rapidly evolving world of cybersecurity, given the growing number of threats and adversaries and the cybersecurity skills shortage, organizations need to work with vendors who are taking ownership of security management by removing the burden of operating a secure infrastructure. This starts with developing and deploying solutions built on Secure-by-Design, Secure-by-Default principles.

This month, the Cybersecurity & Infrastructure Security Agency (CISA)—along with 17 U.S. and international partners—published an update to the joint Secure by Design product, “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software.” According to CISA, this updated guidance “expands on three core principles: Take Ownership of Customer Security Outcomes, Embrace Radical Transparency and Accountability, and Lead From the Top.”

To make this happen, the foundation of any Secure Product Development Lifecycle (SDLC) must include “Secure by Design” and “Secure by Default” principles. At Fortinet, this concept is baked into our SDLC Policy at the earliest stages of development and is part of our Fortinet SDLC Policy and associated 10 Fortinet Principles. We believe this should be the case for all security vendors.

Secure By Design:

“Secure by Design” is a fundamental approach to cybersecurity that ensures security is not applied as an afterthought, but instead is an integral part of the development process. Security must be embedded in the very DNA of every product, application, or service. When something is “secure by design,” it’s constructed with the awareness that security should be a natural function of the solution and not something that needs to be added later.

Why Is "Secure by Design" So Critical for Cybersecurity Vendors?

By adopting a “secure by design” strategy, cybersecurity vendors ensure that their solutions are inherently robust, minimizing vulnerabilities from the outset and reducing the need for patches and updates. When security is an inherent part of the design process and techniques such as threat modeling are employed before a line of code is written, the risks of breaches, vulnerabilities, and costly security incidents are significantly reduced.

Such secure design practices can help vendors build and, importantly, maintain trust with their customers—something essential in an industry where trust can be lost faster than it can be built.

Secure by Default:

“Secure by Default” takes the idea of “Secure by Design” a step further. When a customer deploys a cybersecurity solution, it should already be configured with the most secure settings as the default. IT teams can then consciously choose to relax specific security settings rather than having to enable them. This is the opposite of the approach taken by most traditional solutions, which have been built to be easy to deploy and then require the customer to work out how to harden the solution, often leaving critical systems unprotected.

The Benefits of "Secure by Default" for Cybersecurity Vendors

“Secure by Default” flips the table, making it so the user doesn’t necessarily need to be a cybersecurity expert to ensure their protection. Instead, making security the default configuration means organizations are protected from the get-go, without needing to configure complex settings. This minimizes the potential for human error while enhancing or improving protection and speeding up deployment.

By implementing security best practices at the start, Secure by Default delivers more user-friendly security, ensuring that organizations are well-protected out of the box, thereby improving customer satisfaction.
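The following is an added illustration of the secure-by-default pattern described above; it is example code written for this article, not Fortinet's or any product's configuration loader, and the setting names and their secure values are hypothetical. The point it shows: with an empty configuration the product runs at its most secure settings, tightening a setting needs nothing extra, but weakening one must be named explicitly and justified, and every relaxation is recorded so it can be reviewed later.

```python
"""Secure-by-default configuration loading (added example, hypothetical settings)."""
import logging
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

log = logging.getLogger("secure_defaults")

# The product behaves this way when the operator supplies no configuration at all.
SECURE_DEFAULTS: Dict[str, object] = {
    "admin_tls_min_version": "1.2",
    "admin_password_min_length": 14,
    "admin_mfa_required": True,
    "admin_login_lockout_attempts": 5,
    "remote_admin_allowed": False,
    "log_forwarding_enabled": True,
}

# For each setting, a predicate that says whether a new value is weaker than the
# default. This is the knowledge that lets the loader tell "hardening" from
# "relaxing" (assumed semantics for this example).
_WEAKER_IF: Dict[str, Callable[[object, object], bool]] = {
    "admin_tls_min_version": lambda new, default: float(new) < float(default),
    "admin_password_min_length": lambda new, default: new < default,
    "admin_mfa_required": lambda new, default: new is False,
    # 0 means "never lock out"; a larger limit also gives an attacker more guesses
    "admin_login_lockout_attempts": lambda new, default: new == 0 or new > default,
    "remote_admin_allowed": lambda new, default: new is True,
    "log_forwarding_enabled": lambda new, default: new is False,
}


class ConfigError(ValueError):
    """Raised for unknown keys, wrong types, or an unjustified relaxation."""


@dataclass
class EffectiveConfig:
    settings: Dict[str, object]
    # (setting, secure default, chosen value, justification) for each relaxation
    relaxations: List[Tuple[str, object, object, str]] = field(default_factory=list)


def load_config(
    overrides: Optional[Dict[str, object]] = None,
    justifications: Optional[Dict[str, str]] = None,
) -> EffectiveConfig:
    """Apply operator overrides on top of the secure defaults.

    Fails closed: an unknown key (for example a typo) or a value of the wrong
    type is rejected rather than silently ignored, and a value weaker than the
    default is accepted only with a justification, which is logged and kept.
    """
    overrides = overrides or {}
    justifications = justifications or {}
    settings = dict(SECURE_DEFAULTS)
    relaxations: List[Tuple[str, object, object, str]] = []

    for key, value in overrides.items():
        if key not in SECURE_DEFAULTS:
            raise ConfigError(f"unknown setting {key!r}")
        default = SECURE_DEFAULTS[key]
        # `type(...) is` rather than isinstance so that bool is not accepted as int
        if type(value) is not type(default):
            raise ConfigError(f"{key}: expected {type(default).__name__}, got {type(value).__name__}")
        if _WEAKER_IF[key](value, default):
            reason = justifications.get(key)
            if not reason:
                raise ConfigError(
                    f"{key}: relaxing {default!r} -> {value!r} requires a justification"
                )
            log.warning("relaxed %s from %r to %r: %s", key, default, value, reason)
            relaxations.append((key, default, value, reason))
        settings[key] = value

    return EffectiveConfig(settings, relaxations)


def relaxation_report(cfg: EffectiveConfig) -> List[str]:
    """Human-readable lines, one per setting that is weaker than its secure default."""
    return [f"{k}: {d!r} -> {v!r} ({why})" for k, d, v, why in cfg.relaxations]


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    # Constructed operator input: one hardening, one justified relaxation.
    cfg = load_config(
        {"admin_password_min_length": 20, "remote_admin_allowed": True},
        {"remote_admin_allowed": "vendor support session, ticket <PLACEHOLDER>"},
    )
    print(cfg.settings)
    print("\n".join(relaxation_report(cfg)))
```

Note the asymmetry, which is the whole point of the pattern: `load_config({"admin_password_min_length": 20})` succeeds silently, while `load_config({"remote_admin_allowed": True})` raises until a justification is supplied, and even then the relaxation is logged and returned for review.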

A New Approach is Required When Implementing "Secure by Design" and "Secure by Default"

With this new paradigm in place, configuring a cybersecurity solution starts from a secure default implementation; adjustments are then made only for the individual users who need them, keeping the expanding attack surface in mind.

Overall, these investments are worthwhile for both vendors and customers: they prevent the configuration issues that can lead to breaches, and the secure-by-design and secure-by-default protections help maintain ongoing customer trust.


The newly implemented changes to the Secure-by-Design, Secure-by-Default standards by Fortinet represent a significant step forward in enhancing network security. By embedding security features into products from the outset and establishing secure configurations as the default setting, Fortinet is proactively addressing vulnerabilities and reducing the risk of cyberattacks. These changes not only provide organizations with a stronger defense against evolving threats but also streamline the implementation process for IT teams. As technology continues to advance, it is crucial for businesses to prioritize robust security measures. Therefore, we encourage all organizations to adopt these new standards and ensure their networks are fortified against potential breaches.
