Why Security Should be the Main Concern of Innovators

If we want to continue innovating, we need to shift our focus and put security at the very center of development.

Emma White
BairesDev
5 min read · Feb 19, 2021

Last year, a BairesDev colleague wrote an interesting piece about how we all need to fix the Internet of Things (IoT). In that article, David Russo pointed out that IoT devices have several flaws by design: they need to be connected to the internet to work, they can become legacy pretty quickly, and their companies can go under, leaving those devices unsupported (which can make them useless or dangerously outdated).

The conclusion he arrives at is quite simple: the IoT as we know it today is focused on short-term functionality. To be true game-changers, IoT devices need to ensure long-term functionality that can match the shelf life of their “dumb” counterparts. To do so, those engineers will need to come up with innovative designs that combine scalability, flexibility, ease of use, extended support, resilience, and security.

I’m citing David’s article because I think it makes a valid point about the IoT that can be extended to every innovation under the sun. What’s that point? That the people responsible for those innovations are using an approach that leaves out a lot of important considerations. While I could discuss many of those, I’ll concentrate on how innovation should have security as its top priority. That’s because, as recent events have shown us, no system or company is exempt from attacks, breaches, and hacks.

So, if we want to continue innovating, we need to shift our focus and put security at the very center of development.

A Widespread Challenge

From smartphones and tablets to wearables, cloud computing, and smart speakers, we’re surrounded by innovations that seemingly popped out of nowhere during the last decade. Of course, that’s far from the truth. There are plenty of people behind those innovations, from investors to engineers, IT outsourcing services, marketers, and designers.

Given the breakneck speed at which they work on those innovations, it feels like those development teams cracked the code on how to create new products and services fast. And while that may feel like a good thing (“hey, new things all the time!”), the processes those teams use lead to the IoT landscape David described so accurately in his blog post. So, on one hand, businesses race to the finish line to get there first and beat out the competition. On the other, doing so implies that many things get lost along the way, especially security.

You don’t have to believe me; you just need to take a look at the evidence. The Ring smart doorbell had a massive vulnerability that allowed strangers to spy on the houses where that device was installed. Smarter coffee makers could be easily hacked and accessed remotely. Heck, even smart cars could be hacked and controlled from afar!

Those are just a few examples of innovations that had massive vulnerabilities that translated into high risk for their owners and that, in most cases, were already on the market. Sadly, breaches and attacks are far from being over. In fact, with more and more companies betting on 5G and the interconnection of everything in our daily lives, this level of vulnerability is simply unacceptable. Thus, the cybersecurity of everything we design and create has become the defining challenge of our era.

A Comprehensive Solution

With 5G and the Internet of Things powering a huge digitalization of our surroundings, securing the billions of potentially vulnerable endpoints is a crucial mission. For one, a handful of compromised devices can end up taking down a larger system due to their interdependence. But that’s not all. All of those interconnected devices use and share data to function, information that reflects people’s routines, movements, behaviors, and even interests.

That means that securing innovations in a highly connected world isn’t just about putting up an antivirus solution, setting up a firewall, or integrating an AI-powered defense system — it means that the path towards more robust innovations implies a more comprehensive solution. Such a road contemplates the many facets that make up a product: from the underlying architecture and the software it runs to the policies surrounding the product itself.

Architecture has always been an insanely important part of any system we can develop. But a lot of engineers are concerned about their architectures only because of performance and scalability. Yet, a well-thought-out architecture is essential for security, especially because security should inform its design on the drawing board.

One of the biggest aspects when devising the architecture of innovation is that it has to be self-managed. Given the increasing digitalization and interconnection of devices, it’s plausible that we (companies, control organizations, governments, and users alike) don’t have the capability of monitoring billions of endpoints and their relation to one another.

That’s why more and more development companies are starting to implement AI-based algorithms to ensure that control without human interaction. Artificial intelligence and machine learning will become increasingly essential for all innovations, as they’ll provide us with what we need to automate security protocols and enforce self-regulating policies on any system we develop.

And since I’ve mentioned policies, it’s also worth noting that, while there isn’t a flawless security system in the world, a lot of attacks and security breaches would be avoided with the proper protocols. The resilience of any system rests on the human aspect of it all, so having robust policies surrounding the innovation is paramount. Those policies should cover everything, from QA testing while developing the innovation itself to regulations on how end-users will interact with it.

In that frame of mind, any digitally-powered innovation will have to have strong security protocols around it. The best thing about it is that we already have many methodologies and tools that can help us with that, including Zero Trust, AIOps, and fully homomorphic encryption (FHE). All of that would strengthen any system from the get-go and elevate the overall security.

Innovating for Humans

Finally, I’d like to address one final point about innovation and security. I’ve mentioned that the resilience of a system relies on all its human links. In that sense, the developers can’t ignore the human dimension of the innovation they are working on. Apart from working on the product’s features, performance, and quality, engineers need to be vigilant about how end-users interact with the product.

That means two things. On one hand, companies responsible for innovation have to fiercely promote secure uses, training their users on the potential risks inherent in using the device itself, and teaching them how to protect themselves. On the other hand, they have to collect anonymous data about that use to provide ongoing support that not only delivers the security level required but also ensures the shelf life David Russo discusses in his article.

After all, developers are innovating for humans, so they can’t forget that they need to cover the human side of technological innovation. Ignoring that fact can lead us to new spying doorbells or coffee makers that ask for ransom, nasty things that could be avoided if developers put security before time to market.

Emma White
BairesDev

I’m a tech writer, IT enthusiast, and business development manager living in Miami.