Security - the antithesis of innovation?

We all know that change is the only constant in the world of technology. But there are a few aspects of technology that seem impervious to change. One is that security is the antithesis of innovation. The reason is intuitively obvious: innovation creates change; change leads to disruption; disruption introduces vulnerability. On the flip side, innovation withers in the face of security. Security is about prevention, prohibition, and control, all of which are anathema to novelty and creativity.

Right?

An alternative viewpoint is gaining momentum among forward-looking enterprises. It is the notion that security is not only about what you prevent; security is also about what you make possible. The right security, implemented the right way, can actually empower employees and businesses to innovate and explore new possibilities.

Take a closer look at the BYOD (bring your own device) movement, for example, and you may see the relationship between security and innovation in a whole new light.

For decades, corporate information technology (IT) departments have been run as dictatorships - the Ministry of No. But employees are rising up. They’re demanding freedom of choice in the devices and apps they use to do their jobs. In growing numbers, they’re bringing their own devices to work, and they’re running software they downloaded from the public cloud. In the process, they’re wresting control from IT. In a recent study by Forrester Research, titled ‘Key Drivers: Why CIOs Believe Empowered Users Set The Agenda for Enterprise Security’, 60% of IT executives agreed that “the balance of power to introduce technology into the enterprise is shifting from the IT organisation to the business end user”.

Or, as it was succinctly put by Cisco CEO John Chambers, “BYOD trumps security.”

This phenomenon has been called the democratisation of IT. And what happens in a democracy? What happens when people - in this case employees, customers, partners and suppliers - are unshackled from mandates and restrictions and granted freedom of choice? What happens when the workforce is empowered to safely and quickly select the best applications, services, devices, data sources and websites the world has to offer, not just the resources imposed by IT?

They are empowered to create, communicate, collaborate, explore, facilitate, share … and innovate.

Business leaders - particularly those in fast-growing companies - have recognised the link between security, innovation and profit. A recent global survey by the Economist Intelligence Unit (EIU) showed that IT and business leaders believe profits would increase an average of 26% if users had freedom of choice in the technology they used to do their jobs.

That is why enlightened enterprises are launching new initiatives aimed not only at improving their security posture for BYOD, but for strengthening security across the board: advanced threat protection and cyber defence, managing the impact of cloud apps, security analytics for incident response, even securing guest Wi-Fi connections.

It is important to note that the workforce is not the only group for which security is a catalyst for innovation. Consider the opportunities for independent software vendors (ISVs). When the IT department acted as a regressive force, there were very few entry points into the organisation. But as power shifts away from IT and into the hands of end users, there are more and more openings for the value-added creations of third-party innovators.

DropBox is just one example. It is a consumer app that was created to provide a fast, easy way to transfer big files. The app is now used for business as well because it solves a problem the IT department couldn’t or wouldn’t. And DropBox, which was founded in 2007 as a Y Combinator start-up, now has more than 100 million users and the company is valued at $5-10 billion.

It is also true that the complexity of IT has never been greater than it is today - which means there is plenty of pent-up demand for innovations that simplify or consolidate IT equipment, technologies and processes. Strong security empowers this type of innovation because it removes the most common excuse for inertia: fear.

It is interesting: virtually every business leader claims to prize innovation above all else - yet almost every CIO (90%, according to the Forrester study cited earlier) believes security concerns inhibit or slow down innovation. The enlightened few are beginning to see security from a new perspective. Security does not have to be the roadblock; it can be the catalyst for business empowerment.

Dr Hugh Thompson is chief security strategist and senior vice president at Blue Coat and a leading force in the information security industry. For the past three years, Dr Thompson has served as the program committee chairman for RSA Conference, the world’s largest information security gathering, where he is responsible for guiding the technical content at both the US and European RSA Conferences.