Future-proofing a business today means increasing scale, reducing time to market, and simplifying app management to align with continuously evolving customer and business demands. Further complicating the picture are the innumerable competitors in both large conglomerates and small startups, all with the potential to disrupt markets or devalue business efforts by introducing solutions that are earlier, faster, or better.

As if that wasn’t enough, the increasingly hostile digital environment has added yet another dimension to the game that IT and business leaders are playing. The highest standards of cybersecurity are just as important as commercial velocity when it comes to gaining and maintaining business momentum. In their race to the top, digital defences can be the deciding factor that wins over customer trust, both in the initial buying stages and in the long run.

The tricky thing about business efficiency and cybersecurity is that they are often considered to be at odds with one another. The same layers of verification and authentication that keep out unauthorised individuals can also slow down customers and employees from identifying and accessing the right information and services. It also doesn’t help that global digitalisation has raised the bar for efficient on-demand online services, higher than ever.

Is security a barrier to innovation or would innovation not be relevant without security? In this podcast, Curt Carlson, CEO of SRI International and Karen Worstell, Senior Cybersecurity Strategist of VMware, discuss the fundamental flaws to many approaches to security technology and how IT leaders will need to make dramatic shifts in their operational models to solve these problems.

Podcast contributors:

  • Curt Carlson
  • Karen Worstell
  • Yadin Porter de León

How do IT leaders satisfy demands on both sides of the divide without feeling like they are running in a 500-pound suit of armour? The good news is that technological developments are increasingly allowing businesses to balance the two without difficulty. Our Foundry Influencer community of experts weighs in on how they are overcoming the traditional IT truism, “better security equals lesser convenience”, and the ways this is changing how they operate.

Defining the start point: Risk appetite and security parameters

To achieve the optimal balance between cybersecurity and user experience, businesses first must identify which of their digital assets require the most protection. As Syed Hussain, Gaming Standards Association Board of Director and CIO of the State of Oregon Lottery, puts it: “Your cyber risk strategy will naturally take shape when you focus on protecting mission-critical information assets. These are crown jewels that your business cannot operate without”.

From there, IT leaders can identify the right cybersecurity solutions to purchase as well as the most appropriate data hygiene practices for customers and their employees to adopt. Top business leaders are already putting this principle into practice. For example, Sridhar Iyengar, Managing Director of Zoho Europe, lists cybersecurity education, data security, and data accessibility as top priorities for building modern SaaS solutions. “Though managing security can be complex, there are plenty of solutions in the market that allow businesses to run their primary operations securely”.

Businesses should no longer treat security as a burdensome expense, but as a vital business component for customer and employee satisfaction that can add top and bottom-line value. In other words, a radical change in perspective is overdue.

Scaling safely and sustainably with the right approach

That said, expecting every customer or employee to be a tech whiz is unrealistic. Roz Gregory, VP VMware Tanzu, APJ of VMware, stresses the importance of data hygiene practices such as login access, two-factor authentication, browsing, and email filtering to be introduced in an accessible and approachable manner. “Cybersecurity capabilities that just merge unobtrusively into a smooth user experience are what will help to drive improved customer retention and employee productivity because they give users the best of both worlds, security and ease of use,” Gregory explains.

“Expecting every customer or employee to be a tech whiz is unrealistic.”


Kieran Gilmurray, CEO of Digital Automation and Robotics Limited, agrees that the integration of security with user experience cannot be understated. “Great security experiences are the only way to limit your security exposure by ensuring that security becomes a living, breathing part of how your teams operate.”

On the flip side, poor and obstructive security implementation can backfire by encouraging users to cut corners and consequently expose system vulnerabilities. “When implemented poorly, a security program can be a nuisance at best, or a severe liability at worst,” Gilmurray adds.

Aside from good data hygiene, IT professionals will also need to optimise their code stacks to minimise the attack surface that cyber attackers can exploit. This becomes increasingly crucial as businesses scale and more disparate devices are added to networks. And just as businesses are always in flux, the work of cybersecurity professionals never ends either. Periodic security training, system audits, and putting in place automated code development pipelines—from making sure source code is secure to automated security testing before the app goes live—will be necessary to ensure that defences are continuously able to address the latest threats.

Cybersecurity as a unique selling point

The relentless, exponential increase in the number and sophistication of cybersecurity attacks over the past few years has resulted in heightened levels of threat awareness, a phenomenon that has had the unintended side effect of putting the IT department’s efforts under the microscope. For many businesses, this has been a benefit since their customers can clearly see how much effort and resources are being put into ensuring that their personal information is being kept safe.

However, to achieve this, it also means that businesses need to break down the legacy silos that exist between customer experience (CX) and cybersecurity for more productive collaboration between departments and functions. “Both your product’s security and people’s perception of its security will influence the customer’s buying decisions. Customers now expect businesses to find new ways to innovate and bring security into CX design”, explains Nicki Doble, Chief Transformation Officer of AIA Philippines.

“We’re expected to find new ways to innovate and bring security into CX design.”


Staying in tune with customer sentiment on the perceived polarity between security and convenience is also important for the long-term relevancy of the business. The amount of risk that customers are willing to expose themselves to is in constant flux, but enterprises that proactively seek to understand their audience and provide relevant solutions to keep them in line with changing commercial expectations can move faster—ultimately enabling them to efficiently capture larger portions of the market.

If nothing else, take it from Aldo Ceccarelli, CIO at SEDAMYL. “Effective cybersecurity strategies are ones that transform protection from mere defensive tools to drivers for growth. The gravity of data protection becomes apparent whenever cyber incidents occur”.