Does compliance kill innovation? 🤔


We cannot be creative because it violates security!

If we do these, the security folks are gonna give us a hard time!

We often hear that cybersecurity compliance kills one’s innovation, but is this really true? Is this purely people’s perceptions or are there real obstacles in cybersecurity compliance? If this is people’s perceptions, have we taken a step back to understand why they think this way?

Today we’re going to look at whether compliance is truly a hurdle to innovation or it is just misconceptions within people. But before we dive into the perception of cybersecurity compliance, let’s take a look at what it is and why it is required in every organisation.

Compliance is deemed as a very important piece in the cybersecurity field because cybersecurity itself is a complex and included system in the Internet, with software and hardware implemented with a high focus on resilience.

Compliance has to exist for a good reason, no one wishes to be attacked by cyber hackers or get into cyber incidents. Compliance can be seen as the core of risk management means to ensure the baseline meets certain standards/benchmarks on cyber controls and measurement that is taken as important by our organisation.

Compliance is often not a dead subject and is not the only way. Compliance builds on an ideal benchmark with good intention as the objective. Understanding the intent of the compliance will allow your innovative ideal to benchmark against it.

It’s like a set of good parenting guides — when your young children are leaving home, we’ll always ask them to wear something to protect their feet. They may choose to wear shoes, sneakers, boots, slippers, etc. Regardless of whether they listen to our prompts/reminders, our intention (as parents) is to protect their feet as they may step on grounds that have sharp objects which could potentially hurt them. They can even go superb innovative by wanting to wear a self-created, metal plate robot feet looking shoe… you get our point here.

Cybersecurity compliance works the same! They are a set of good intentions that are meant to help and speed up good consideration when implementing any types of products.

It’s important that we see cybersecurity compliance not just as a collection of mandatory requirements but as a consequence of risk to our organisation when failing to meet. Doing so will allow us to actually see the actual intention of the compliance. Especially in today’s context, every organisation big or small is very much possible to become a victim of cyber attack.

Another way to see compliance is something that has been done in a certain way that it has always been done. However, it’s not the only way, at most a proven way. Because only by understanding the true intention of the compliance, there will always be a possibility and innovative way to implement a system to achieve the same need. Just like the kid’s robot leg.(❛̀͜ʖ ́❛)✊

Anyway, happy 2023 everyone!

🧙🏼‍♀Team Merlin 💛
Application security is not any individual’s problem but a shared responsibility.



Team Merlin
Government Digital Services, Singapore

Software | Security | Quality enthusiasts doing the right things