Security VS Innovation
80% of senior decision makers say security hindering innovation
Last year, cybersecurity specialist Webroot and data centre organisation IO commissioned a survey of 500 senior decision makers from UK businesses of varying sizes. It found that 80 per cent of respondents believed security issues were impeding innovation. As well as this, 57 per cent thought that hasty innovation would compromise security. The survey specifically focused on the Internet of Things, but the results represented a clear trend within the wider tech community. Security, it would seem, is holding innovation back. What happens when security stops being a protective measure and, like a paranoid parent, begins wrapping organisations in metaphorical wool?
Progress versus protection
Is it acceptable to shirk on security for progression’s sake? For many, this is a rhetorical question. Moving forward means taking risks, and there are checks in place (and insurance) for sorting things out if or when they go wrong. Technology policy expert Eli Dourado cites minimal state meddling as the reason why the US is home to tech behemoths like Google, Facebook and Apple. For him, and no doubt for others, there can be ‘too much safety’. As innovators increasingly seek to push boundaries, security agencies and regulatory bodies are tasked with reigning in their enthusiasm. Instead of galloping forward with a concept, product, or service, companies are suddenly faced with a cornucopia of considerations. When the majority of respondents in Webroot and IO’s survey agreed that security issues impeded innovation, it didn’t specify what these issues were. As you can imagine, it’s a pretty long list. Extensive security checks can be time consuming, costly, and generally prevent concepts from ever materialising. It’s not always external influences that force innovators to hold their horses, though. Data security is paramount to all organisations, and any internal decision that could jeopardise it will not be made lightly. Collecting and storing data can present a huge security risk – to name but one example, take the Tesco Bank hacking scandal. Even so, this hasn’t stopped businesses from becoming data powerhouses and uploading information to the cloud. Nor has it stopped autonomous vehicle manufacturers, robotics companies or drone developers from challenging regulations. As such, innovation will always have a difficult relationship with security – but perhaps they can at least be friends.
Most businesses are willing to accept that innovation will lead to casualties, and that security measures are there to reduce them. However, this doesn’t make it any less frustrating when a coveted technician can’t get clearance to join an organisation, or when a licence to test a groundbreaking piece of hardware is rejected. So, how can businesses cope with the surge in security?
Part of this is simply being patient – which is admittedly difficult to do when you’re competing with others to bring a product or service to market. One active response could be to use an endpoint security solution that applies security policies to data, suggesting or automatically activating a response that ensures compliance. Security agencies themselves also have a responsibility to make sure that the solutions they use work as efficiently as possible. The US National Background Investigations Bureau (NBIB), for example, has been criticised for its backlog of 700,000 applications. With the application of efficiency enabling tech like Artificial Intelligence and process automation, these checks could be completed in less time and with greater clarity.
If innovation puts our safety and security at risk, is technological growth worth it?
For the most part, businesses recognise that risk taking is a necessary part of progress, and accept that casualties will happen. The family of the test driver who was killed in a Tesla car would probably feel differently. But that’s exactly the point – the driver was taking part in a trial. Without the trial, more lives could easily have been lost. By doing something that was clearly not safe, Tesla was able to recognise a safety flaw in their cars. The crux of the issue is working out exactly what levels of security are needed in which contexts – sometimes, too much security can be immobilising. But as tiresome as regulations might seem, they exist for a reason – and sometimes, it’s in our best interest to be patient.
Should innovators be able to develop technologies without the pressure of security concerns? In which other industries are innovation and security at loggerheads? How does your business comply with security standards? How do you cope with balancing risk against innovation? Please share your thoughts.