Security and Privacy by Design: A Matter of Corporate Social Responsibility for Tech Firms

IoT (and the data revolution more generally) exposes a plethora of potential new attack surfaces. Ultimately, the corporations implementing these new technologies bear the responsibility. Security and privacy must be baked into the core of all connected and data-generating/utilizing products and services.


For years, many technology firms have treated security and privacy matters as an afterthought. It was at best a necessary evil related to regulations and compliance; at worst, something companies would window-dress in front of the few clients who would ask the question. It was seen as something boring and expensive, preventing innovation and at odds with functionality.

Of course, with the convergence of the Internet of Things (IoT), big data and cloud computing, the cards are now dealt quite differently. Many tech companies—large and small—are starting to realize that they are going to have to adjust their mindset to survive and to make the most of the times ahead.

IoT Data Invokes the Need for More Corporate Accountability

The convergence of these technology streams generates countless use cases in all industry sectors and has the genuine potential to transform our lives and create trillions of dollars of economic value. But it also requires a type of hyperconnectivity that exponentially multiplies attack surfaces and is highly vulnerable to cyber threats.

“Data” is currently treated by many tech firms as a free, limitless commodity. Many of those firms talk about it as if it belongs to them. But in practice, many firms acquire data through one-sided business deals and from consumers and citizens who have rights and the expectation of privacy. It’s only a matter of time until such practices start to be challenged.

The digital transformation of society will never realize its full potential as long as the trust of consumers and citizens is constantly being weakened by data breaches, cybersecurity incidents and ruthless data monetization by shameless vendors.

Technology vendors who want to stay in the game in the long term must take security and privacy seriously, and turn that into a competitive advantage for the generations of customers who share those values.


But it will be a massive cultural shift for many tech firms.

Responsible IoT through Security and Privacy by Design

“Security by Design” and “Privacy by Design” principles have been established for some time. These principles are at the heart of what needs to be done to move forward.

Security features have to be treated, designed and tested as proper product functionalities embedded as early as possible in product development. Respect for customers’ right to privacy has to be treated as a key business model parameter, not as something firms will compromise to make the numbers add up.

The fundamental need for controls and the ethical treatment of customers at the heart of these principles may not be something tech executives were taught in business school. Whether the current generation of executives, investors, marketers, and technologists running these firms is capable of understanding and delivering such a shift in values is a key factor.

But it is nevertheless the ability of those firms to embrace these “Security by Design” and “Privacy by Design” concepts that will become the cornerstone of the digital transformation.

Fail to make the move and, at best, value creation will be reduced by several trillion (between one and three trillion by 2020 according to McKinsey & Co). In practice, if the trust of the people is irreparably damaged, the dynamics of the digital transformation may need to be reconsidered.

With so much at stake, it’s becoming a fundamental matter of corporate social responsibility for tech firms to take security and privacy values to heart.

Written by Jean-Christophe Gaillard, Managing Director and Founder of Corix Partners. This post was originally published on Corix’s blog.

JC Gaillard
Jean-Christophe Gaillard is the Founder and Managing Director of Corix Partners. He is a leading consultant, senior executive and a team builder with over 25 years of experience developed in several global financial institutions in the UK and continental Europe, and a track-record at driving fundamental change in the Security field across global organisations, looking beyond the technical horizon into strategy, governance, culture, and the real dynamics of transformation.