Is bespoke software really as secure as commercial products?

Can you really rely on software security not built for you?

Nearly half of UK businesses were the victim of a cyber attack in the last 12 months, according to the latest statistics released by the Department for Culture, Media and Sport.

And it’s not just big companies who are being targeted.

About 20% of small businesses said they had been targeted by an attack in the two years to January 2019, according to stats from the Federation of Small Businesses.

Considering that breaching GDPR compliance can result in fines of 4% of annual turnover or £18m (whichever is highest), security becomes a huge issue.

Especially considering how reliant companies are on software.

All this software provides a door of entry to your business’s sensitive data if it’s not secured properly.

Which begs the question.

Can your business defend itself against a cyber attack while relying on commercial software, built for the mass market?

Or would you be better with bespoke software?

Built with you in mind, created to a level of security that meets your needs, and flexible enough that you can update it as you need - is custom software what you need to defend your business in a world of increasing cyber threats?

Let’s look at this issue further.

Is ‘security by default’ really just ‘default security’?

Every piece of software you buy comes with some kind of security built in.

If you look at any commercial software on the market, the marketing material will tell you that it’s secure.

It might even use the well-worn phrase “secure by default”.

But what they should really say is default security.

While custom software and commercial software share some basic principles when it comes to security, commercial software is built with only the smallest, most basic requirements in mind.

Complex security is difficult, and costs more in the short-term.

Building this level of security into commercial software would raise the price, and reduce the size of the market the vendor can sell to.

Custom software, on the other hand, takes the fundamental principles of security, and then builds on and adapts them to meet your specific software security needs.

Perhaps you need higher levels of encryption built into your software to keep your communications secure, or you have particularly sensitive information and need better firewalls or more sophisticated threat level detection built in.

Whatever you need, custom software developed for you can take into account all your security needs.

Decrease points of entry

No commercial software on the market meets all of your business’ needs.

Which is why so many businesses’ software stacks look like a tech jigsaw, with one system for the CMS, a different system for their email, and a different CRM.

The list could go on.

All these individual pieces of software will have security.

But they haven’t necessarily been built to be perfectly compatible with each other.

What that means is, once you’ve fitted all your commercial software together and started to use it, you could have accidentally exposed a weakness in your security that a cyber attacker can exploit.

You’re also increasing the points of entry an attacker can use to breach your security by having multiple pieces of commercial software.

One of your pieces of commercial software might be highly secure, but how confident are you that they all are?

In this scenario if a hacker breaches your weak link, it won’t be long before they figure out how to access the rest of your network.

Custom software takes all this into account.

With a single piece of custom software, you know that the systems have been designed to fit perfectly together, with security taken into account.

They’ve also been tested at every stage of the development process to identify and fix any issues before going live.

Plus, you don’t have to spread log-in information across multiple platforms, so you reduce the ways of entry into your company for an attacker.

Not reliant on scheduled updates

We’re not going to say that when you turn commercial software on, it just sits there waiting to get left behind in a changing world.

Commercial software is updated.

But it’s not updated at the speed of change in your business. It’s done on the schedule of commercial software developers.

By the time your commercial software is due for its next round of updates, your security needs might have changed, become more complex, and outgrown what you have.

If you have commercial software you’re at the mercy of external software developers deciding when it’s time to update the product.

And not necessarily update products with new features you actually need.

With bespoke software, you control the rate at which your software is updated, and with what features.

That way, as soon as you identify a need to improve your system, you can make it happen.

Commercial software doesn’t take into account user habits

The biggest flaw with commercial software is that it’s not built with your business in mind.

But it’s also not built with an understanding of how the end user will actually use it.

The effect of working habits on security is a key issue here.

While software is designed to work in a certain way, individual employees always adapt how they use the software to suit how they work and what’s best for them.

This means you’ve got people using software in different ways, which could create a security risk.

Then you’ve got the fact that employees are working remotely more often now, and probably will be doing so in the future.

So now you need software which can handle this new way of working, and meet a security level it was probably never designed for.

Would you really want to put your company’s data and reputation in the hands of commercial software that’s had the security needs of a student writing their dissertation in mind during its development?

With custom software you can take work habits into account, and include stricter protocols or security features that can protect you against employees accidentally putting you at risk.

How does Metatec build in security?

We’ve created software for small, medium and large businesses whose security needs have ranged from basic to high-level encryption.

Our proven process means we work with you every step of the way to understand your security needs, rewrite or update your current software to improve security, or retire what you have and replace it with a modern, secure, fit-for-purpose product.

Interested in getting bespoke, custom developed software for your business?

Matt is the Managing Director of Metatec. Prior to founding Metatec, Matt worked in Hospitality, Retail, Financial Services, Media and more. Having a passion for solving problems, building solutions, writing strategies and even writing code, he enjoys many aspects of running an IT Consultancy and Services company.

Metatec are an IT Consultancy and Services company that have a passion for helping businesses create and run IT Solutions. Metatec offer services such as Software Development, Enterprise and Solution Architecture, Managed Hosting in Azure, writing strategies, integrating solutions and more.

Matt Parsons
Tuesday, August 11, 2020
