Security is stymieing innovation even though most businesses believe security should be part and parcel of their expansion into new markets, products, models, and partnerships, according to a new survey.
Over 80 percent of around 200 senior executives who participated in the International Data Corp. and RSA survey said their organizations have either occasionally, or often, avoided innovative business opportunities (think joint ventures, for example) for security reasons. Only about 21 percent said their security initiatives were strategic and proactive, and promoted innovation. Over 60 percent say their security efforts are compliance-driven, which was defined by the survey as meaning they are implementing checklist controls, focused on passing their audits, and trying to find ways to drive down compliance costs.
Most of the C-level executives in the survey say security should be part of the innovation process, but too much emphasis on compliance or fear prevents that from becoming a reality, according to the report.
So whats going on here? IDC says its a combination of tight budgets and confusion over what security threats to focus on. The survey defined innovation as enterprise efforts to enter new markets, launch new products or services, create new business models, establish new channels or partnerships or achieve operational transformation.
It is evident that in spite of some good progress, the relationship between innovation and security is still very strained. The reality is that innovation and security don't need to be competing priorities; they are in fact complementary, said Chris Christiansen, vice president at IDC. In the end, we believe organizations that demand early IT involvement in business innovation efforts and lay out explicit business innovation metrics for their security teams have a much better chance of advancing their overall organizational goals."
But the IDC/RSA survey shows thats not necessarily happening in large organizations today. And depending on whos in charge of innovation, there are various barriers. Among those in an organization where the CEO spearheads innovation, 51 percent said security isnt aligned with business goals; 31.6 percent said security turnaround time on business needs takes too long; 30.3 percent said executives are too conservative on information risk; 30 percent said they have a limited budget and resources for investing in innovation; and 28.3 percent said their security approach locks down operations rather than enables them.
Kelly Jackson Higgins, Senior Editor, Dark Reading