Innovation and Security: A Perfect Mispairing!
In this age of innovation and technology, is the only safe system one that no one can access?
Well… yes… and no!
Impenetrable systems are a myth! It’s a good idea to take a step back every once in a while and look at the aftermath of our actions. The consequences of achieving a completely secure system could just be you banging your head as you realize no one can access it, including you! Where does this lead us? Does it mean innovation will come at the cost of your security posture? To better understand this let’s dive deeper into what we think we know.
Innovation
Walk into the boardroom of any company and ask them if they believe innovation is necessary? You’ll most likely see everyone nod their head in agreement. Ask them what innovation is? You’ll witness a struggle to make sense.
So what is the definition of innovation? According to the Oxford dictionary, it’s: “the action or process of innovating.” Not really helpful, is it? Being frustrated with the internet and opting to look for the definition in the Merriam-Webster dictionary will leave you equally disappointed! They define innovation as: “a new idea, method, or device : NOVELTY”.
If you’re wondering why the definition of innovation is so vague, then you’ve come to the right place! In my opinion, innovation is the execution of an idea that successfully delivers value with the introduction or implementation of something new.
Security
Technology plays a vital role in today’s world, we are reaching a point where it is practically impossible to navigate our day without the help of a gadget or device. These gadgets and devices rely on a complicated combination of processors, information systems, memory, etc. which store vital pieces of data all working in sync to be functional and useful to us. Security can be understood as placing controls based on best practices to ensure the system is free from a threat or danger, and performs at its optimal level.
Now, I could go on and on about what security is and what companies can do to secure themselves, but I’ll save that for another time, or if you’re finding it difficult to contain the urge, head over to this article!
Do we really need innovation?
At SSENSE, we believe innovation is the way to grow. We view innovation as a step towards gaining an edge in the market. Now, more than ever, customers crave ideas they have never seen before, a product or technology that — as millennials say — “breaks the internet”.
Companies focused on gaining an edge in the market tend to usually go down the route of digital transformation, often thinking it’s the same as innovation. Digital transformation focuses on expanding their networks and moving from one instance to another to introduce newer-edge applications, faster computing systems, and niche features. This in turn increases productivity, helps in analyzing and understanding data, and eventually reduces costs. Although digital transformation can be the first step towards innovating, and innovation can be seen as the driver for digital transformation; the difference between digital transformation and innovation all comes down to one key factor, time!
Digital transformation is a process, which once set in motion, can take years to complete. Moving from one state to another requires planning, whereas innovation is all about introducing an idea, concept, or a product to disrupt the current norms and standards. The dawn of e-commerce is the perfect example of how positively disruptive innovation can be. This, coupled with the introduction of social media, has given companies a whole new tool set to attract and engage with customers.
So yes! Innovation is definitely needed! Or as I once read on the internet “Be the G.O.A.T in a herd of sheep”.
I don’t see it, what’s the issue? How does this impact Security and why are they a misfit?
How often do we come across the news of a major corporation being hit by a data breach? It has increasingly become a trend these days! My heart skips a beat every-time I see a breach notification, I cross my fingers, open my mail, and pray I’m not one of the affected ones! If you feel this is terrifying, maybe it’s time we start paying closer attention and start looking at what’s hidden behind the bigger headlines! For the largest corporate giants of the world, a data breach might have a negative impact on their business as users will lose trust, and they will face financial repercussions. However, at the end of the day, they always rise, they come back with better controls, they inject more money into the right areas, and they win back the trust of the users who have been affected.
This, however, is not the case for smaller companies, companies that put everything on the line to innovate and bring something new to their consumers. For them, a data breach is a battle for survival! A recent report published by Hiscox, brings to light the actual cost of a big data breach. Their findings suggest that a major data breach can cost smaller companies and startups US$200,000, and result in 60% of them going out of business within six months of being victimized.
The first identifiable “security fail” comes to light when tech companies and startups begin pushing the boundaries of what a system is built to do, or when they integrate multiple processes which were not ready to be integrated. A perfect example of this is how fast our industry adopted Internet-of-Things (IoT) devices and “smart devices”. The accessibility of IoT devices has helped industries bank on opportunities they didn’t have in a pre-IoT era. IoT’s have revolutionized and improved how we plan a service, automate processes, respond to specific actions, and deliver a service. The risk this poses is the amount of data being collected to do so, we have effectively increased the attack surface for any critical information system 10 times over by connecting it to an IoT device without assigning the right controls. For an IoT device to successfully work, it requires multiple unmanaged data points to communicate with a centralized system. A new point of attack is created with every transmission being sent between the data point and the system, yet a quick search on Shodan will reveal millions of devices which fail to encrypt data or block unauthorized and unauthenticated access.
What is the sweet spot? Is there one?
Innovation is a spark of imagination, it can come to you when you least expect it, and it can completely change the way things are done. If I had to identify a gap, I would pinpoint this exact moment, it is not uncommon to take decisions in the heat of the moment. Decisions like this will undoubtedly propel your idea towards a success story, but will also open up your information systems to a multitude of attack vectors.
To circumvent this, as a believer of innovation, my proposed solution does not revolve around secure coding or secure development lifecycles. Yes, these are important and relevant, but to solve the issue, we need to take a step back and look at the highest level.
I tend to be observant, and my time at SSENSE working with some of the most talented individuals made me realize the solution lies in being proactive and expecting an innovation; not waiting for an innovation to happen and then laying the foundations. Being proactive and expecting your team to innovate lays a strong implementation and security oriented foundation for when an innovation takes place.
Happy innovating!
Editorial reviews Deanna Chow, Liela Touré, & Prateek Sanyal.
Want to work with us? Click here to see all open positions at SSENSE!
