GET THE FREE NATIONAL CYBER SECURITY APP FOR YOUR PHONE AND TABLET
You don’t have to work in Silicon Valley to appreciate the speed at which technology companies introduce new products and concepts to the market. A lot of that pressure is healthy, and it comes from both internal (“we can’t get beat to market by another company”) and external (“we have to grow users/revenue/profits by this much in two years to satisfy our investors”) sources.
The cost of that fast-paced development cycle, however, is that quite a lot of buggy and flawed code is out in the wild. As criminals become more adept at finding those flaws, security nightmares will start to pile up. Sped-up development cycles also create tensions between developers who are under the gun to ship, and the information security professionals who will get the blame for security problems despite not having enough time to do a proper evaluation.
This is a fundamental problem with the modern tech industry that we’ll discuss in detail at Structure Security, which will be held September 27th and 28th at the Golden Gate Club in San Francisco’s Presidio district. I’ll explore this topic with Diana Kelly of IBM IBM -1.17% and Bob Lord of Yahoo YHOO -0.73% in two different sessions, and it will be the background for several other sessions featuring some of the best minds in information security and technology.
Disputes in which both sides have excellent points are the hardest to solve. The relentless speed of technology innovation has transformed the world in an amazingly short period of time, and slow tech companies tend not to make it. “Ship and iterate” is actually a very effective product development strategy on the web, and in any event, you’ll never find every bug: software is written by people who make mistakes. And while the best never make the same mistake twice, as technology gets more complex, we make mistakes in new ways.
Get Data Sheet, Fortune’s technology newsletter.
Yet when speed is prioritized over security, companies leave themselves open to potentially devastating outcomes. Flawed internal applications can reveal a treasure trove of priceless corporate data to the wrong people. A company’s brand and goodwill can be ruined overnight by a security breach, and prompt regulators to take a closer look at a company’s operations.
There’s a balance here that needs to be struck between fast-paced innovation and proper security protocol, and while I’m not sure we’ll be able to solve it at Structure Security, we at least hope to spark these conversations within companies and tech groups. One of the primary reasons we decided to put together our first security conference was our astonishment at how fractured the relationship between product developers and security pros had become—something echoed again and again by our council of advisers.
We have to fix this. Security breaches grow more and more numerous and damaging every day, and this hurts companies, customers, investors, and the digital economy in general. And as more and more companies outside of the traditional tech industry embrace software—lest they be eaten by it—the need for product development and security to be on the same page grows ever more paramount.
I don’t think “slow development” will ever catch on quite the same way that “slow food” and “slow news” are gathering followers. But if you’re an executive at a tech company responsible for setting the pace of the product roadmap, sooner or later, you’re going to need to find more room for security analysis in that roadmap. It would be better to start a culture of security thinking in your organization before you run into a security disaster, and not after.