In a world where the demand for tech innovation is matched only by the acceleration of cybersecurity threats, businesses face the challenge of balancing new product development and robust security measures. Kevin Halkerd, Risk and Compliance Manager, and Andrea Carr, Head of Research and Development at Proptech specialist e4, say this balance isn’t just a goal but the cornerstone of their strategic approach.
Innovation and security isn’t an either/or
How can businesses balance the need for innovation without compromising on security? Part of the answer is stepping outside the dichotomy altogether. “It is so important to have both. You can’t have one without the other. A business that doesn’t innovate will quickly fall behind its competitors, and one without security simply won’t survive,” says Carr. Fortunately, this perspective is fast becoming the consensus in the industry, says Halkerd. “At CISO conferences, the prevailing message is clear: Security must be baked into the innovation plan itself. This approach ensures that security considerations are part of the developmental process from the start, and not as an afterthought,” he says.
Striking the right balance early
Early engagement of security teams in the innovation process should form part of the strategy from day one. “To encourage and facilitate the testing of new technologies within our organisation, we invite proposals for new tech and evaluate them alongside other similar technologies. Our goal is to create a safe space for experimentation, exploring specific use cases. Before finalising any technology, we involve e4’s security team to thoroughly investigate and identify any hidden risks. This ensures that any technology we integrate is secure and appropriate for our systems. If security is brought in only at the end of an R&D process, it’s already too late,” Carr explains.
“There are so many benefits to this approach,” agrees Halkerd. “By taking this kind of proactive approach in the past we’ve been able to shift a selected technology from an open-source technology to a closed source technology within a day. And this is not viewed as unusual or problematic; we’ve had to pivot technologies within 24 hours before, changing an entire production environment to a completely different architecture or service provider due to risk factors. This flexibility in avoiding long-term technology lock-ins makes organisations much stronger and can form part of ordinary security measured as well as the overall approach to innovation.”
Security leading innovation
In fact, it’s possible for security considerations to become the driving force behind innovation says Halkerd. “Security is often at the bleeding edge of innovation discussions. Successful AI strategies, for instance, frequently emerge from security companies that leverage advanced technologies to enhance their capabilities.” This forward-thinking approach not only protects the company but also sets the stage for new technological advancements. “e4 started running with AI within our environment in 2019. From a security perspective, being well ahead of the curve is something that’s stood us in good stead. We’re able to look into our network, identify what’s happening, identify certain anomalies, trends, and modify our approach based on that,” he adds.
First to market vs. first to get it right
Balancing the need to be first to market with the imperative to get it right is a nuanced challenge. “Introducing something new is difficult. Customers are understandably cautious about trusting technology to do what humans have done in the past. However, once we have one client signed up and running an enhancement we’ve developed successfully, with data to prove its effectiveness, others soon follow suit,” notes Carr. “The challenge then shifts to having the resources to implement it across all clients concurrently. The key is to get something 80% implemented and working efficiently, and then quickly finalise the remaining 20% to stay ahead of competitors who might be able to achieve 100%,” she says.
“It’s about finding a middle ground,” adds Halkerd. “VCs are often the first lead market, and their perspective is entirely different from established long-term businesses. When leveraging your existing customer base, especially blue-chip clients, you want to bring them something refined and polished. More mature businesses don’t necessarily need to be the first to innovate but do want to see technologies being integrated into their offering.”
Managing emerging technology
Adopting emerging technologies like AI requires careful consideration of data security. Once again, involving security teams early in the process serves as an essential guardrail, ensuring that risks are identified and resolved before implementation. “At the simplest level, before adopting any new technology, ensure you understand how securely it manages data. If you don’t know the answer, don’t proceed,” says Carr.
As with many emerging technologies, it’s not as much about the technology itself as it is about the data behind it. “AI is going to be a significant game changer for
business. Now, how do you balance security and the need for innovation in that respect,” asks Halkerd. “The key is data operations. Data needs to be in a clean, usable format. If organisations can focus on that, deliver against that, and then it’s possible to abstract the data safely and sensitively while keeping in mind regulations in South Africa like the Protection of Personal Information Act (POPIA).”
By involving security teams early in the process, maintaining transparency, and fostering a culture of continuous improvement, robust security can enhance, rather than hinder, innovation – whether it’s AI or the next big innovation on the horizon.