4 Tips to Help IT Professionals Balance Security and Innovation

OCTOBER 1ST, 2020

On the surface, enterprise IT security and business innovation seem like mutually exclusive concepts. 

Securing a company’s critical data, applications, and systems against cyberthreats, malicious insiders, and accidental data loss requires a risk-averse approach to just about everything. Innovation, meanwhile, can’t happen without a certain level of risk-taking, because great ideas often happen through trial and error.

COVID-19 further complicates matters by opening up broader attack surfaces and spawning pandemic-themed cyberthreats, while also creating the need for businesses to innovate so they stand out in a weak economy.

So how does enterprise IT reconcile the need for a high level of security and a high level of innovation? They stop thinking in terms of either/or. In today’s unpredictable business environment, you can’t responsibly have one without the other. For innovators, security has to be top of mind throughout design, development, and deployment, and IT security teams have to approach their responsibilities in a way that allows flexibility for our new ways of working and anticipates evolving threat vectors.

Bake In Security from Concept to Implementation

Innovation doesn’t have to mean going rogue. When you implement a few standard best practices, you make room for big, bold ideas without throwing open the security perimeter. Here are four ways to create an IT environment that allows space for innovation with a safety net.

 

1. Treat New IT Initiatives like a Dangerous Experiment

When you kick off a new IT project, there are a lot of unknowns, especially when it comes to security. The best way to navigate this uncertainty is to start small and in an isolated environment. 

This approach keeps the applications under development away from external threats until thorough risk assessment and mitigation is complete. Separating these applications from the rest of the production environment provides a buffer so if the new application creates a security vulnerability, your entire system isn’t at risk. 

2. Prioritize Customer Data Protection

Customer trust is crucial if you want users to embrace your new products and innovations. Research shows that data breaches quickly erode that trust. 

In fact, one study found that 59 percent of respondents were likely to not do business with a company that had a data breach within the past year. That same study discovered that one in four users will switch to a competitor’s product or service after a single instance of ransomware-related downtime. 

That’s a hefty price to pay for not properly securing new applications during and after development. Implementing identity and access management technology like multi-factor authentication, validation, and identity federation in your applications is one way to help ensure only the right people have access to the right resources. 

Proper access management means customer data is secure from unauthorized users and in the event of a breach, it prevents cybercriminals from advancing laterally through the network to where the good stuff is. 

3. Keep Security and Privacy Top of Mind When Working with Cloud-Based Services

There are dozens of good reasons to utilize the cloud for infrastructure and backups, but it’s important to remember that because it is a third-party resource, a cloud service takes some security control out of your hands.

When you house data and applications in the cloud, you have to trust that the cloud services provider cares about security as much as you do.  It can be difficult to ensure vendors adhere to the security practices they say they do, both for data transfer and data storage. 

If there is a breach or ransomware attack, your company can be held liable for data loss and exposure, even if the cloud provider is at fault. To protect your business-critical data and your users, only share the minimum amount of data that is required for the service or tool functionality. 

4. Watch for Internal Threats as Well as External Threats

We often focus so much on The Bad Guys that we tend to forget that many security threats come from the inside—some intentional, some not. The pandemic elevated the level of internal risk when companies sent employees home to work with little infrastructure in place to secure these new connected end-points. 

Remote workers opened up new security holes with their less secure home internet connections, frequent use of personal devices for work, and a million new distractions such as kids, spouses, and housework. All of these factors can contribute to successful phishing and ransomware attempts.

Now these employees are being asked to find innovative ways to help the company stand out in a highly uncertain, very competitive market, often from a laptop on a dining room table. The best way to create a secure environment under these conditions is to find a trusted security partner that can proactively secure innovation in your organization and help protect against new and unknown cyberthreats and data loss. You will get the most ROI by implementing a solution that provides both cybersecurity and data protection and recovery capabilities. Many providers offer one or the other.

Business objectives are a moving target these days, and companies know they have to innovate or they won’t make it through the current economic upheaval. Pair that pressure with the reality that cybercrime, especially ransomware, is surging and you now have to protect dozens/hundreds/thousands of new remote connections on any number of different devices and platforms.

It’s exhausting for IT and it’s exhausting for customers and end users. About 70 percent of consumers already don’t think businesses are doing enough to secure their personal information. An actual lapse in security that affects their data is going to send them running to your competitor. 

Ransomware protection and disaster recovery aren’t optional. Download A Ransomware Crisis Plan Is Now a Business Imperative to learn why your organization has to stay ahead of both the market and the ever-evolving tactics of cybercriminals now more than ever.