When you build a project, your goal is to solve a problem. You may get so focused on this goal that you ignore the other factors you should consider, like security. Security is one of those things that’s super important but easy to ignore.
Yes, creating a secure solution is more complicated than building a solution without considering security. But if you want to build something that people will actually use, it has to be secure. And it’s far easier to incorporate security from the start than it is to retrofit security into a finished project. So you need to keep security in mind from the very beginning. In this book, for example, we don’t just want to build a tool to stream data—we want to build a tool that streams data securely.
When you start your career as a software engineer, security can seem like a thankless job. If you do it right, no one will know you did it at all, and building it can be scary and even boring at times. Over the years, from building several software-as-a-service startups, I’ve changed my tune—I now consider securing my services as important as the problems they solve. Here’s why:
Security saves you from being hacked. When you don’t follow security best practices, breaches and leaks follow with amazing regularity and severity, as we’ve seen in the news. Whenever I’m building a service, I think about what it’d be like if the data I’m trying to protect was publicly posted all over the planet. Picturing this gives me the motivation to make sure that sort of thing doesn’t happen to me, and thankfully it hasn’t yet (knock on wood).
Security wins deals. In my experience, the most important factor in whether a potential customer bought software I worked on was whether the software fulfilled some security requirement.
Security is painful to tack on. Taking an insecure service that lacks the basic security features most people need and then trying to tack those features on is a painful, tricky process. In contrast, it’s relatively easy to build those features from the start.
Those high stakes get me fired up about building secure services. So let’s get to it.