As cyberattacks become an increasingly realistic threat, IT security professionals and software developers have no choice but to find more sophisticated methods to detect and prevent breaches.
By identifying vulnerabilities in business IT networks through development of specialist detection and protection software, security breaches can be minimised. Yet, staying ahead of the latest developments in cybercrime requires continual improvements, adjustments and investments in order to advance IT security.
So, how do the IT security industry support their research and development, especially when solutions to security issues are not so readily available?
One way is by minimising the risks and costs involved in research and development activities, as achieved through use of the UK Government backed R&D Tax Credit Incentive. The following case study explains how one IT security company were able to benefit from the R&D Tax Scheme after improving an existing security framework.
Case Study: Enhancing Security Testing Framework
The Technological Objective:
Security testing frameworks are used by IT professionals to safely simulate real-world cyberattacks; identifying vulnerabilities to bolster IT defences. Although this security testing software performs well, there were concerns over the assessment of security tokens [small hardware devices that allow users to access network services], and how security tokens could be utilised during the testing process.
It would be necessary to investigate security tokens so that the right tools for security professionals could be deployed. This would mean developing specific software that could work safely and effectively on a number of operating systems, but also would be compatible with a variety of testing methods.
This would be no easy feat however, because to achieve this technological advance, the R&D team would need to understand the behaviour of Microsoft Windows security tokens when under normal and attack situations; something that was currently outside the remit of the security token development parameters.
Facing the Challenges of Technological Uncertainties:
From the very start of the R&D project, there were a number of technological uncertainties with no obvious route to a clear solution.
The knowledge that did exist for the operation of the security tokens was held by the system developers within Microsoft, and no efforts had ever been made to combine this knowledge with security testing techniques. This meant that there was insufficient knowledge available regarding the behaviour and reaction of security tokens for integration with a security testing system.
In addition to this, there was no way to know the best method for integrating security tokens for use with a security testing algorithm or how to integrate them into the end application. Even if the team were to be successful at integrating the security tokens, would it provide the enhanced functionality that they wanted to achieve?
All this and more had to be considered, yet the team were happy to move ahead with the project knowing that the costs can be offset by relief available under the R&D tax scheme; especially as the incentive requires that projects demonstrate that they have faced technological uncertainties.
The Outcome of IT Security R&D
Combined research into the operation of Microsoft Windows operating system along with detailed knowledge of methodologies used by security testers, eventually allowed the system integration to be developed. A task that could not have been achieved by the IT security professionals alone.
Therefore, as the project progressed, the technological uncertainties faced were gradually resolved and the tools that would allow security professionals to use a variety of techniques for testing were eventually developed.
The testing framework received the intended code for the security tokens which enhanced and achieved the desired functionality.
The result? Not only is the testing framework now an integral part of every security tester’s toolset, but the company were able to benefit from the R&D tax scheme through a corporation tax reduction that helped to mitigate the risk of the project and support the business to conduct further R&D for IT security enhancements.
R&D support for IT security
Facing technological uncertainties is a frequent aspect of cybersecurity projects, however when it comes to R&D tax credit incentives, these uncertainties can work in your favour. Whether your IT security R&D activities are successful, or unsuccessful, in achieving a technological advance – the R&D Tax Scheme can still support you to make the efforts towards improved IT security.