Why Security-by-Design Is Crucial When Crisis Forces Rapid Digital Transformation

“If you fail to plan, you are planning to fail.” —Modern proverb

With the COVID‑19 pandemic dominating headlines, fewer voices have examined its lasting impact on technology adoption. The crisis is likely to cement a sustained shift toward automation and remote asset management—spanning industrial machinery, HVAC systems, and supply chains—and to accelerate the rise of virtual care and telehealth in healthcare.

In early March, as the World Health Organization declared COVID‑19 a pandemic, companies began to rethink core processes. The most visible change has been a dramatic surge in the use of collaboration tools such as Slack and Microsoft Teams, according to Chris Kocher, managing director at Grey Heron. Teleconferencing and telehealth platforms—Teladoc, for example—have also seen rapid adoption.

IoT World is North America’s largest IoT event where strategists, technologists and implementers connect, putting IoT, AI, 5G and edge into action across industry verticals. Book your ticket now.

For many organizations, remote access to industrial control systems (ICS) has jumped after a previous decline. Shodan data shows nearly 50,000 U.S.‑based IoT devices now expose an online footprint, and the use of Remote Desktop Protocol has increased despite past security concerns.

“Basic‑level remote monitoring was sufficient when staff could inspect machines on‑site,” says Yasser Khan, CEO of One Tech. “Today, with skeleton crews, plant managers demand deeper, real‑time insight into equipment health—so automation is no longer optional.”

Disaster‑recovery strategies are also evolving. Nitin Kumar, CEO of Appnomic, explains that traditional “manual mode” responses fall short when a pandemic cuts off system capacity. “You need more automation, not more people,” he notes, suggesting that organizations willing to invest in automation will strengthen continuity plans.

Bruce Schneier famously warned in 2016 that “human intervention is increasingly unnecessary” and that “the Internet now senses, thinks, and acts.” As automation spreads, the security implications of a globally connected, semi‑automated IoT ecosystem grow more complex.

Kate Stewart, senior director of strategic programs at the Linux Foundation, cautions that “the more complex a system, the more things can go wrong.” “We must understand potential failures, mitigate harm, and boost software dependability,” she says.

Secure by Design

When crisis forces rapid change, secure‑by‑design principles can be sidelined. Verizon’s John Loveland warns that “adhering to secure‑by‑design is challenging when everyone is moving quickly.” He urges that security teams be embedded in every decision around new technology or processes.

Bob Martin, co‑chair of the Software Trustworthiness Task Group at the Industrial Internet Consortium, advises: “Bring stakeholders—business leaders and operators—into security discussions from the outset.”

Andrew Jamieson, director of security and technology at UL, stresses that security should be the foundation: “If you build a correct base, you won’t have to rebuild. Otherwise, you spend a lot of time fixing what could have been prevented.”

Frank Hißen, an independent security consultant, notes that “security‑by‑design rarely tops the priority list during a rapid shift to remote work and automation.” He emphasizes that secure technologies must be applied quickly to avoid gaps.

Because secure‑by‑design involves multiple hardware and software components, integration can be complex. Chris Catterton, solutions engineering director at One Tech, warns that “vendors selling the ‘puzzle pieces’ often lack robust security measures.” Expanding remote access in IoT deployments demands end‑to‑end security, from cloud or on‑premise systems accessed via VPN.

Finding and Refinding Security Balance

Embedding security into products and processes is essential, but no design can foresee every future threat. “You can’t make a decision today that will remain valid forever,” Jamieson says.

There is tension between adding features and maintaining security. Stewart observes that while many consumer apps tolerate crashes, open‑source software used in critical applications must be dependable, as failures can harm people.

Security ultimately depends on resilience and agility. Jamieson argues that building only for resilience is insufficient when new vulnerabilities arise. “You need the agility to patch, update, or refactor systems swiftly.”

Incorporating security from the start must also embrace resilience and agility. “If you design without security, you design for failure,” he concludes.