Cybersecurity is essential in the modern digital era; invest in it right from the design stage of your web applications, says Dr Shekhar Pawar.
On February 17, 2026, YouTube experienced a major global outage beginning at approximately 5:30 PM PST and lasting for several hours until restored around 7:40 PM PST. During this disruption, over 320,000 users reported issues in the U.S., with an additional 240,000 users affected worldwide. Key problems included difficulties with login, homepage recommendations, and video playback, particularly impacting users on the U.S. West Coast and in India. The outage was primarily caused by a failure in YouTube's recommendation system, which is responsible for personalised video suggestions. This malfunction led to widespread accessibility issues across various platforms, including YouTube Music and YouTube Kids.
Google’s final update stated: "The issue with our recommendations system has been resolved and all of our platforms (YouTube.com, the YouTube app, YouTube Music, Kids, and TV) are back to normal! We really appreciate you bearing with us while we sorted this out."
There is growing concern about whether these kinds of problems can be avoided.
Cybersecurity by design for web applications could help
“Cybersecurity by Design” means embedding security principles into the architecture of web applications from the very beginning. Rather than treating security as an afterthought, this approach ensures that applications are resilient, trustworthy, and capable of handling disruptions without compromising user confidence.
The foundation of this philosophy rests on four key pillars: confidentiality, integrity, availability, and privacy. Confidentiality ensures that sensitive information is safeguarded from unauthorised access through encryption, secure authentication, and strict access controls. Integrity protects data from tampering or corruption by using hashing, digital signatures, and transaction validation mechanisms. Availability guarantees that systems remain accessible even during failures or attacks, achieved through redundancy, load balancing, and graceful degradation strategies. Privacy emphasizes respecting user data by minimising collection, anonymising where possible, and complying with global regulations such as GDPR, DPDPA, and HIPAA.
Large-scale platforms like YouTube highlight the importance of resilient design. Outages often occur when dependent API services fail – for example, recommendation engines. A Cybersecurity by Design approach would ensure that the homepage does not collapse entirely. Instead, the recommendation panel could be hidden dynamically, while other features such as search, subscriptions, and video playback remain functional. This preserves availability and maintains user trust, even during partial service disruptions.
One effective concept for resilient design is dividing the application into modular web parts. This approach treats a web application as a collection of independent components rather than a single monolithic page. Each part, or panel, is self-contained, with its own logic, data source, and fallback behaviour. By isolating components, a failure in one service affects only that specific panel, while the rest of the site continues to function. This design also enables graceful degradation, where failing panels are hidden or replaced with placeholders instead of breaking the entire homepage. Independent web parts ensure resilience and availability, while continuity of user experience is preserved because core features remain accessible.
During recent YouTube outage, the homepage became unusable because the recommendation API or system failed. With a web parts design, the recommendation panel could have been hidden automatically, while other panels such as the search bar, trending videos, and subscriptions continued to load. This modular resilience would have ensured availability and minimised disruption. Designing web applications with modular web parts ensures that failures in one service do not cascade into full outages. This approach directly supports the CIA triad – confidentiality, integrity, and availability – along with privacy, making platforms more resilient, user-friendly, and trustworthy.In simple terms, if an API method or sub-system fails on a platform like YouTube, the problem should stay isolated and not interfere with the performance of other APIs or user interface components.
Building applications with these principles matters greatly. It creates resilient systems that withstand attacks and failures, reduces costs by preventing vulnerabilities early, ensures compliance with global data protection laws, and strengthens brand reputation by maintaining user confidence.
In conclusion, by embedding confidentiality, integrity, availability, and privacy into web application design, organisations create platforms that are secure, reliable, and user-centric. Cybersecurity by Design is not just about preventing breaches – it is about ensuring that services remain trustworthy and resilient, even when parts of the system fail.
As shown in process flow diagram, Security by Design ensures that security is not bolted on later but woven into every stage of the web application lifecycle. This proactive approach reduces vulnerabilities, improves resilience, and builds trust with users.
Remember, cybersecurity is essential in the modern digital era; invest in it right from the design stage of your web applications.
Dr Shekhar Pawar is a DBA in the cybersecurity domain at SSBM Geneva, Switzerland. He has completed his executive management degree from SJMSOM, IIT Bombay, and engineering in electronics and telecommunications from Mumbai University. Some of his skills and certifications include Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), ISO 27001 – Lead Auditor, PCI DSS Implementer, Certified HIPAA Compliance Professional, Sarbanes Oxley (SOX) Certified Professional, Diploma in Cyber Laws, Microsoft Certified Professional (MCP), Certified Blockchain Developer, Certified ATM for CMMi Assessment, DSP & Applications – IIT Madras, and Diploma in Industrial Electronics. He is also the author of the nonfiction book ‘Air Team Theory: Understanding 10 Types of Teammates and Best Practices to Succeed’. Currently he is working as Founder and CEO of SecureClaw Inc., Delaware, USA and SecureClaw IT and Cybersecurity Private Limited. Contact: [email protected]
Author
