Security and Privacy by Design: A Matter of Corporate Social Responsibility for Tech Firms
JC Gaillard
For years, many technology firms have treated security and privacy matters as an afterthought. It was at best a necessary evil related to regulations and compliance; at worst, something companies would window-dress in front of the few clients who would ask the question. It was seen as something boring and expensive, preventing innovation and at odds with functionality.
Of course, with the convergence of the Internet of Things (IoT), big data and cloud computing, the cards are now dealt quite differently. Many tech companies—large and small—are starting to realize that they are going to have to adjust their mindset to survive and to make the most of the times ahead.
The convergence of these technology streams generates countless applications in all industry sectors and has the genuine potential to transform our lives and create trillions of dollars of economic value. But it also requires a type of hyperconnectivity that exponentially multiplies attack surfaces and is highly vulnerable to cyber threats.
“Data” is currently treated by many tech firms as a free, limitless commodity. Many of those firms talk about it as if it belongs to them. But in practice, many firms acquire data through one-sided business deals and from consumers and citizens who have rights and the expectation of privacy. It's only a matter of time until such practices start to be challenged.
The digital transformation of society will never realize its full potential as long as the trust of consumers and citizens is constantly being weakened by data breaches, cybersecurity incidents and ruthless data monetization by shameless vendors.
Technology vendors who want to stay in the game in the long term must take security and privacy seriously, and turn that into a competitive advantage for the generations of customers who share those values.
But it will be a massive cultural shift for many tech firms.
“Security by Design” and “Privacy by Design” principles have been established for some time. These principles are at the heart of what needs to be done to move forward.
Security features have to be treated, designed and tested as proper product functionalities embedded as early as possible in product development. Respect for customers' right to privacy has to be treated as a key business model parameter, not as something firms will compromise to make the numbers add up.
The fundamental need for controls and the ethical treatment of customers at the heart of these principles may not be something tech executives were taught in business school. Whether the current generation of executives, investors, marketers, and technologists running these firms is capable of understanding and delivering such a shift in values is a key factor.
But it is nevertheless the ability of those firms to embrace these “Security by Design” and “Privacy by Design” concepts that will become the cornerstone of the digital transformation.
Fail to make the move and, at best, value creation will be reduced by several trillion (between one and three trillion by 2020 according to McKinsey & Co). In practice, if the trust of the people is irreparably damaged, the dynamics of the digital transformation may need to be reconsidered.
With so much at stake, it's becoming a fundamental matter of corporate social responsibility for tech firms to take security and privacy values to heart.
Written by Jean-Christophe Gaillard, Managing Director and Founder of Corix Partners. This post was originally published on Corix's blog.