How do we balance innovation with security?


How do we balance innovation with security?

With exponential growth in information technology, IT leaders are still fighting to keep pace with the industry; given its recent turmoil and security bottlenecks that have indeed become a cause for concern in recent times. It would also be right to imply that information security has not enjoyed the same amount of development that IT has enjoyed over the years. Thus, rising institutional problems, coupled with increasing security threats, is enough reason to prompt institutional leaders to act swiftly.


Not too long ago, Evernote was “stunned” by reactions of angry users who didn’t take likely the news that Evernote was allowing employees read users’ information and content in a bid to support and test new automation and machine-learning capabilities. Many users echoed that they were willing to quit the service altogether if the privacy of their information cannot be guaranteed, even after Evernote tried to explain that only specific employees would be able to access their files. This is a typical example of a situation where even honest efforts to improve and innovate user experience are sometimes met with strict resistance on the grounds of privacy and security concerns that can bite you in the foot.


Subsequently, innovative companies are faced with an arduous task when they try to balance both security and innovation. According to Bill Curtis, SVP and chief scientists at CAST Software – a software measurement and analytics firm, “There is no innate conflict between innovation and security; the tradeoff often comes in speed-to-market versus adequate quality assurance.” Executives will often make a compromise between revenue lost arising from additional testing time against possible loss arising from a security flaw. Bill Curtis believes that “The problem is that they rarely understand the full extent of the damages if a security breach is extensive.”


Thus, how do IT experts and developers work hand in hand to create this delicate balance between security and innovation?


To begin with, a cordial partnership between IT professionals, IT security and software coders is paramount. This collaboration will go a long way to ensure that security and privacy concerns are deliberated upon at the earliest stage of both development and design. Rather than view security as an impediment to innovation, the partnership should consider security as a key part of the innovation process.


According to Ponemon, who reckons that Apple is a noteworthy example, opines that “It starts with the people who are the engineers or the creative people who are developing new apps and new devices; to have them actually think about security as part of their early-stage process during the development cycle.”


Security can also be enhanced when a thorough risk assessment of new digital product and application is undertaken from the onset, to enable developers to write a more secure and stable code – with the aim of finding that important equilibrium between innovation and security. However, risk assessments must be carried out in compliance with a set standard; else its efficacy becomes doubtful.


In the end, it all starts from the genesis – the collaboration between Software Coders, IT professionals and IT security is the all-important piece to balancing both innovation and security and the latter must be regarded as a critical stage of the former – if the much-needed equilibrium between innovation and security is to be achieved.