Between the ninth and 15th centuries, the castle was the western world's emblem of strength and security. It enabled small villages and towns to repel larger forces and defend what was important to them. That's the same thing e-commerce companies must do today. Every computer system has to be ready to defend itself.
These days, we protect customer data, not the local nobility, and enemies don't march to your gates - they can be anywhere across the globe. However, the biggest difference is that instead of thick castle walls, it's your Web applications that stand at the front lines. Instead of feudal rules to follow, you have industry mandates, such as PCI compliance, HIPAA (Health Insurance Portability and Accountability Act) and SOX (Sarbanes-Oxley Act).
However, today's Web applications are notoriously vulnerable. Nine out of 10 sites have at least one critical vulnerability, according to a March study by WhiteHat Security. As the hacking community - now a mix of organised crime, enemy nations and terrorists - shifts its focus away from the network and towards applications, businesses have to take a new kind of approach to defending digital assets.
Three lessons from the days of knights and castles still apply:
1. Design with security in mind, and make sure your construction techniques don't compromise your design.
2. Building right is not enough. Active security defenses are a must.
3. The job never ends. Staying secure means continual evolution.
