Data Compliance
Innovation vs. risk how well is your business walking that tightrope?
Bob Bragdon
Jun 27, 2024
Share
While innovation continues to be a top priority for businesses, it often results in an increase in the volume of sensitive data that needs to be identified and protected. And that can increase the security risks.
An increase in sensitive data was confirmed by the US Security & Innovation Study, conducted in the first quarter of 2024 by Delphix and RiskStrat Advisory. The survey-based research of 61 CISOs in the United States explored the intersection of innovation and security within businesses. I’ll highlight several noteworthy findings in this blog.
The study reveals that the majority of businesses perceive their efforts in aligning data security strategies with innovation goals as moderately successful. However, surveyed businesses showed a significant consensus that innovation projects lead to a significant expansion of sensitive data (+17%).
More sensitive data necessitates more protection measures to safeguard the integrity and confidentiality of this data.
The 2024 State of Data Compliance and Security Report
54% of organizations have already experienced data breaches or theft in non-production environments. Find out why — and what you can do about it. Discover insights from 250 global leaders around sensitive data, compliance, masking, AI, and more.
The larger the company, the greater the demand for additional resources to adequately support innovation-related security objectives. Those same businesses do not feel they have good alignment between innovation initiatives and data protection efforts.
There’s a growing recognition of the intricate relationship between innovation and security, as they strive to maintain a delicate balance between fostering innovation and protecting sensitive or confidential data. But in my conversations with CISOs, I have also heard a recurring theme: innovation often happens in a security vacuum.
In other words, security often isn’t brought into the process of innovation until the end.
The results of the study highlight the challenges posed by businesses’ adoption of innovative technologies, like artificial intelligence (AI) and machine learning (ML).
While AI and ML technologies have revolutionized various aspects of business operations, their adoption has made the task of maintaining data privacy and compliance more challenging (+8%).
The dynamic nature of these technologies introduces complexities in ensuring adherence to regulatory frameworks and protecting sensitive information. As these organizations continue to harness the potential of AI and ML, they must address a pressing need for proactive measures to mitigate associated risks and fortify data security protections.
AI/ML Data: 2024 Insights from Perforce Experts
68% of organizations see a lack of solutions for data privacy in AI environments, according to our recent State of Data Compliance and Security Report. So, what can you do about it? Watch the on-demand webinar to find out.
The findings also shed light on the nuanced relationship between security and innovation.
Some respondents indicated a low alignment between their current security strategies and their business’s innovation objectives. They expressed significant concerns regarding the continuing expansion of data footprints that result from these projects (+30%).
For organizations grappling with compliance, the study found that they were less likely to modify their security protocols to enable innovation (-7%). All this highlights the delicate balance between security requirements and innovation objectives.
Many organizations also pointed to a greater need for additional resources, underscoring an issue which challenges data privacy and compliance.
Those security organizations that indicated they were well-resourced tended to also have good alignment between security and innovation projects (+35%). Not surprisingly, adequate resources help to facilitate the implementation of robust security measures without impeding innovation.
Overall, the study emphasizes the pivotal role of resource allocation, alignment, and compliance adherence in navigating the balance between innovation and data risk.
Interestingly, companies with 1,000-4,999 employees emerged as an exception. They were disinclined to bypass security protocols, possibly indicative of unique organizational dynamics within this size range (-23%).
Smaller companies, particularly those with fewer than 1,000 employees, were the only group that had a notable tendency to bypass security protocols to enable innovation (+7%).
This highlights the challenges they face in balancing security imperatives with business imperatives for innovation-driven growth, keeping in mind that these businesses generally have fewer security resources available to them.
The study also underscores the resource allocation disparities identified by security leaders at larger companies, who often express dissatisfaction with the level of resources allocated to support innovation projects.
This discrepancy highlights the complex interplay between company size, resource availability, and the pursuit of innovation goals within organizations.
Meanwhile, smaller companies consistently report a greater impact on their ability to protect data privacy and comply with regulations, indicating the disproportionate burden of compliance and security challenges faced by them.
This suggests that while larger companies may grapple with alignment issues, smaller enterprises confront more pronounced hurdles. For smaller companies, the challenge is in navigating data protection and regulatory compliance vs. innovation-driven growth imperatives.
This study shows the multifaceted nature of the relationship between security strategies and innovation goals. The challenge of innovation vs. security has existed for decades, but artificial intelligence and machine learning has accelerated the pace of innovation and introduced new challenges for security teams.
Businesses like yours face challenges in balancing competing priorities as they rush to embrace innovation. The disparities in resource allocation and the impact on data privacy and compliance further emphasize the complexity of managing security and innovation initiatives across different organizational silos.
As your business navigates this delicate balance, understanding these nuanced dynamics is crucial. You’ll need understanding to devise effective strategies to foster innovation and ensuring robust security measures are applied to deliver proper risk management and regulatory compliance. You also need to be aware of the third-party risks that your business may face in the race to leverage innovative technologies like AI and ML.
The 2024 US Security & Innovation Study was conducted online by Delphix and RiskStrat Advisory. It solicited input from 61 Chief Information Security Officers based in the United States who were asked to rate their level of agreement with a variety of statements. Findings in this blog indicate deviation from the neutral.
Bob Bragdon is the Principal at RiskStrat Advisory. He is also the founding Publisher of the CSO media brand, the leading information resource for security, risk, and privacy leaders, Bragdon spent 21 years leading the global operations for the full CSO product line, which helped to define the role of the CSO/CISO in corporations.
RiskStrat Advisory connects leaders at the intersection of security and business to help manage risk through the sharing of best practices. By bringing these security leaders together with innovative solution providers, their businesses can benefit from moving to a proactive stance allowing them to get in front of problems before they become problems.
You can follow Bob Bragdon on LinkedIn.
Concerned about the expansion of sensitive data and what it means for your ability to innovate?
Find out how Delphix can help.
Discover more >> What Is Delphix?
Explore sensitive data sprawl with Delphix experts:
Find out how Delphix customers protect sensitive data and ensure compliance with data privacy regulations. Get your copy of the customer booklet, featuring stories and examples from 11 companies.