Secure by Design means building security into a system from the very start - at the business case and
design stage - rather than bolting it on after the fact.
It treats security as a continuous thread through the whole project lifecycle, from concept through
development, deployment and maintenance, so risks are designed out before they're built in.
It began as a UK Government mandate for public-sector delivery teams, but the principle applies to any
organisation that builds or buys technology: the earlier security is considered, the cheaper and faster
it is to achieve, and the stronger the result.