Innovation vs. security: Can you have them both?

Issue 7 2021 Security Services & Risk Management

It was the motoring celebrity Jeremy Clarkson that once said: “speed doesn’t kill, it’s the coming to a stop that gets you.” The same applies to rapid innovation.

If you roll out the latest and greatest technology too quickly without securing it, you might be vulnerable to halting attacks. Implementing the most market-leading innovations is the name of the game, but at what cost and what risk. Speed and safety are the two sides of the rope pulling at each other, but the real question is if it is possible to have both?

Matthew Gaskell.

There is a perception that it’s one versus the other. That when you create for one, you have to apply the other. It is a push and pull mechanism. The more creative and innovative, the greater the security risk of vulnerability. And that implementing security protection mechanisms can really put the brakes on speedy innovation.

However, successful companies see another way. The true genius is being able to do both. True innovation is being able to deploy at speed while creatively building the guard rails that prevent unwanted threats. It’s about maintaining that balance of speed and safety. Getting it right takes great skill and requires ingenuity.

Below are some of the innovation and security divides to consider.

First to market vs. untested defences

In a desire to be the first to market with your concept and gain first-mover-advantage, often there is an increase in complexity without the technology being tested against known/unknown threats. This creates vulnerabilities and you can leave yourself exposed. Automated testing can help smooth out the process and quickly catch the unknown exposures that could have been overlooked.

New technologies vs. new vulnerabilities

When new technologies are introduced they are often untested or haven’t been tested thoroughly, which means they are not always secure. When this occurs, new weaknesses can be introduced that either exist or haven’t been discovered yet. Small changes can introduce large holes in previously solid defences. New technologies can change an entire industry landscape but at what cost to the security of the customer, consumer or user?

When you’re trying something new, you have to learn how to protect it as well.

New features vs new exposures

As you add game-changing innovations you have to make sure the safety belts work and the tyres are roadworthy. New features impact the integrity of your security posture. This speaks to the way in which the pieces of your system fit together over the strength of the technologies you use.

Leading-edge features such as decoupled architectures can allow you to chop and change at pace, but they need to be securely fastened. Protect the component not the perimeter.

Innovation vs. compliance

In many industries compliance is a must, such as in banking, payments and insurance. You have to maintain compliance to various standards whether they be PCI, PII or PoPIA. Every industry is impacted by these standards to some degree.

When designing and building new systems, architectures or software, you have to be cognisant of the respective compliance requirements that you need to adhere to. The benefit of innovation without compliance can have costly compliance ramifications. For example, exposing customer data such as personal information can violate legislation or standards and lead to heavy penalties. What makes this riskier, ironically, is that compliance standards are not standard. They are constantly in flux, making this knowledge tantamount to success.

Constant automated monitoring of updates or modifications can alleviate the restricting burden of continual compliance. Small systematic increments make it easier to rapidly roll out the latest and greatest creations while maintaining the compliance rubber stamp.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Sustainability School opens for enrolment
Education (Industry) News Security Services & Risk Management
Three-part programme, first developed for Schneider Electric employees, is now available for free for companies worldwide. Attendees learn how to future-proof their businesses and accelerate their decarbonisation journeys.

Success in business process best practices
Technews Publishing Kleyn Change Management Editor's Choice Integrated Solutions Security Services & Risk Management
This month we commandeer time with the woman who is spearheading our national conversation on Women in Security, Lesley-Anne Kleyn, to get to know the lady herself a little better.

Security awareness training
Training & Education Security Services & Risk Management
It is critically important to have a security awareness solution that uses the limited time available to train effectively, and one that provides targeted education that is relevant to users.

Technology to thwart solar panel thieves
Asset Management, EAS, RFID Security Services & Risk Management Products
A highly efficient industrial network is coming to the rescue of the solar industry, as solar panels, inverters and batteries are being targeted by thieves and threaten to destabilise the industry.

Banking the unbanked comes with security risks
Financial (Industry) Security Services & Risk Management
As grim as it was, the pandemic of recent years and its resultant global economic crisis were a prime catalyst for record number of first-time bank users, the previously unbanked.

Security is like infinity
Alwinco Security Services & Risk Management
Security needs constant attention, dedication and input. The scary thing is that most people think that security is something that you buy, install, and then forget about.

Vulnerabilities in industrial cellular routers’ cloud management platforms
Industrial (Industry) Cyber Security Security Services & Risk Management
Research from OTORIO, a provider of operational technology cyber and digital risk management solutions, unveils cyber risks in M2M protocols and asset registration that expose hundreds of thousands of devices and OT networks to attack

SAFPS to launch a platform to combat fraud
Editor's Choice News Security Services & Risk Management
In response to the growing need for a proactive approach to fraud prevention, the SAFPS is developing a product called Yima, which will be a one-stop-shop for South Africans to report scams, secure their identity, and scan any website for vulnerabilities.

End the scourge of solar panel theft
Guardian Eye IT infrastructure Security Services & Risk Management
Modern solar installations are designed so they can be put together very quickly, but this means they can also be dismantled very quickly, and so there has been a massive spike in the theft of solar panels from roofs.

Troye and Arctic Wolf join forces
News Cyber Security Security Services & Risk Management
Troye has announced a strategic partnership with Arctic Wolf to enable Troye to provide customers with enhanced cybersecurity solutions and services that help protect their businesses from advanced cyber threats.