Minimum Secure Products or Minimum Viable Secure Product (MVSP) are guidelines and criteria for creating enterprise or market-ready solutions or services. It consists of a checklist with best practices to follow. The objective is to ensure that B2B software that stores or handles sensitive information follow specific security references.
In this video, Developer Advocate at HashiCorp Rosemary Want explains how developers, operators, or other kinds of engineers should secure their apps platforms, CI Frameworks and data.
Watch the video below to discover how to develop Minimum Secure Products!
Prevention is key
What’s key for Rosemary Wang is that every developer or engineer working on a product should focus on MVSP before starting the project. This will help to develop a secure solution from the beginning, instead of having to add the security aspect after deployment or scaling.
MVSP was developed and backed by companies such as Google, Salesforce, Okta and Slack. It consists of a 24-point checklist divided into 4 main areas: Business controls, application design controls, application implementation controls, and operational controls.
MVP vs MVSP
If you’re a developer with experience with the Agile methodology, you’ll have surely heard of MVP (Minimum Viable Product) before. MVP is the minimum usable version of a product that’s offered to a client or testers for experiencing the app before it’s completed.
MVSP instead takes this concept further, but through a simple checklist. Following these guidelines is highly advisable for startups or teams working on fintech. Also for any product that manages and stores sensitive or financial user data. The concept is to bring security into development from the very start of the whole process.
Also, if you’re instead a client looking for a solution or third-party software, it’s also good to check if this product/application follows the MVSP approach.
More about Rosemary Wang
As a developer advocate for HashiCorp and author “Infrastructure as Code, Patterns and Practices”, Rosemary Wang works to bridge the technical and cultural barriers between infrastructure, security, and application development.
Wang has a fascination for solving problems. She is a contributor, public speaker, writer, and advocate of open-source tools. When she is not drawing on whiteboards, she is debugging stacks of various infrastructure systems on her laptop while watering her houseplants.