In a world where the demand for tech innovation is matched only by the acceleration of cybersecurity threats, businesses face the challenge of balancing new product development and robust security measures.
Kevin Halkerd, Risk and Compliance Manager, and Andrea Carr, Head of Research and Development at Proptech specialist e4, say this balance is not just a goal, but the cornerstone of their strategic approach.
How can businesses balance the need for innovation without compromising on security? Part of the answer is stepping outside the dichotomy altogether. “It is so important to have both. You cannot have one without the other. A business that does not innovate will quickly fall behind its competitors, and one without security simply will not survive,” says Carr.
“Fortunately, this perspective is fast becoming the consensus in the industry,” says Halkerd. “At CISO conferences, the prevailing message is clear: Security must be baked into the innovation plan itself. This approach ensures that security considerations are part of the developmental process from the start, and not as an afterthought.”
Striking the right balance early
Early engagement of security teams in the innovation process should form part of the strategy from day one. “To encourage and facilitate the testing of new technologies within our organisation, we invite proposals for new tech and evaluate them alongside other similar technologies. Our goal is to create a safe space for experimentation, exploring specific use cases. Before finalising any technology, we involve e4’s security team to thoroughly investigate and identify any hidden risks. This ensures that any technology we integrate is secure and appropriate for our systems. If security is brought in only at the end of an R&D; process, it is already too late,” Carr explains.
“There are so many benefits to this approach,” agrees Halkerd. “By taking this kind of proactive approach in the past we have been able to shift a selected technology from an open-source technology to a closed source technology within a day. This is not viewed as unusual or problematic; we have had to pivot technologies within 24 hours before, changing an entire production environment to a completely different architecture or service provider due to risk factors. This flexibility in avoiding long-term technology lock-ins makes organisations much stronger and can form part of ordinary security measures as well as the overall approach to innovation.”
Security leading innovation
“In fact, it is possible for security considerations to become the driving force behind innovation,” says Halkerd. Security is often at the bleeding edge of innovation discussions. Successful AI strategies, for instance, frequently emerge from security companies that leverage advanced technologies to enhance their capabilities. This forward-thinking approach not only protects the company, but also sets the stage for new technological advancements.
First to market vs. first to get it right
Balancing the need to be first to market with the imperative to get it right is a nuanced challenge. “Introducing something new is difficult. Customers are understandably cautious about trusting technology to do what humans have done in the past. However, once we have one client signed up and running an enhancement we have developed successfully, with data to prove its effectiveness, others soon follow suit,” notes Carr. “The challenge then shifts to having the resources to implement it across all clients concurrently. The key is to get something 80% implemented and working efficiently, and then quickly finalise the remaining 20% to stay ahead of competitors who might be able to achieve 100%.”
It is about finding a middle ground. VCs are often the first lead market, and their perspective is entirely different from established long-term businesses. When leveraging your existing customer base, especially blue-chip clients, you want to bring them something refined and polished. More mature businesses do not necessarily need to be the first to innovate, but do want to see technologies being integrated into their offering.
Managing emerging technology
Adopting emerging technologies like AI requires careful consideration of data security. Once again, involving security teams early in the process serves as an essential guardrail, ensuring that risks are identified and resolved before implementation. “At the simplest level, before adopting any new technology, ensure you understand how securely it manages data. If you do not know the answer, do not proceed,” says Carr.
As with many emerging technologies, it is not as much about the technology itself as it is about the data behind it. AI is going to be a significant game changer for business. “How do you balance security and the need for innovation in that respect,” asks Halkerd. “The key is data operations. Data needs to be in a clean, usable format. If organisations can focus on that, deliver against that; then it is possible to abstract the data safely and sensitively while keeping in mind regulations in South Africa, like the Protection of Personal Information Act (PoPIA).”
By involving security teams early in the process, maintaining transparency, and fostering a culture of continuous improvement, robust security can enhance, rather than hinder, innovation – whether it is AI or the next big innovation on the horizon.
Tel: | +27 11 543 5800 |
Email: | malckey@technews.co.za |
www: | www.technews.co.za |
Articles: | More information and articles about Technews Publishing |
© Technews Publishing (Pty) Ltd. | All Rights Reserved.