To scale business, startups need to have security-first approach

We have over the past few months seen a spate of cybercrime attacks that are taking advantage of cybersecurity practices e.g. patch management.  These have had huge consequences for organizations of all sizes as well as their end customers. For companies, the security breach, besides the loss of trust issues, directly affects the bottom line. To make it all worse, an average 75% of such security breaches take days, weeks, and months to get detected.
 
According to the Cost of Data Breach study conducted by Ponemon Institute and IBM notes that the average cost of a data breach for the Indian companies has grown from INR 9.73 crore in 2016 to INR 11 crore in 2017. The collateral damage caused by data breaches not only risks the operations of an organization but its very existence.

In all of this while larger organizations have their own challenges to recover from such disasters even after deploying strong security measures. The startups are the one who get highly impacted and most of them can never recover completely and finally get wiped out /lose business. Hence, while they scale their business the key to success and growth will always be around the best security practices that they adopt.

The life of a start-up follows a three-stage development process when looked at broadly from a security angle. It is of vital importance that at every stage of their life cycle, security is given paramount importance and baked into the product right from the inception.

The first stage, or the genesis, is when developers are making the product or service, testing out the software. In a typical scenario, the developer's attention is fully focused on building the product and the intent is to get to the market quickly with a unique product, so security testing and scalability really does not get too much attention at this stage.  However, in the current time, start-ups would be better served with a more prudent approach to have Application testing, secure coding and water-tight vulnerability assessments completed to ensure all loopholes are plugged. A stable and robust application would in the long run playout its benefits and provide a level of confidence to its users. At this stage they need to start preparing for their next stage of growth based on the initial offtake.

Once the product specs are in, and the business gets rolling, we get to the second stage. To scale the business, startups look to the cloud as it provides a more democratized platform to grow the business and compete. At the second stage, identity and access management issues become paramount. This becomes paramount from both the customer as well and the internal audience of the start-up. Identity and access management solutions are available across various environments including enterprise, web, and cloud; and can help derive faster time to market, greater scalability, higher efficiency, while at the same time, cost escalations are kept in control.

As the business gets more mature and the employee count rises, a different aspect of security management comes to the fore. At this third stage, end-point threat and reaction measures take prominence. Increase in a number of people in the organization brings its own concerns around security, as does the number of electronic devices in use in the office environment and for the business. A robust security network that is proactive, and fully focused on securing all end-points is a must. Security protocol to monitor threat assessments, advisories, and patches sent out by the security agencies must be instituted to ensure that events such as WannaCry and Petya do not wreak havoc for want of attention.

Another key element startups need to focus on is IP protection. This is the differentiator, the reason for their being, and the key to their success in the market. In the rush to build the business and all elements that help to bring a being into life, startups need to ensure that their IP is guarded always from various threats. Strong encryption methodologies should be adopted to make sure that data and information are not compromised at any stage.

In today’s competitive age, the ability to leverage available technologies and help companies of all sizes to grow and evolve is what differentiates one solution provider from the other. And as far as start-ups are concerned, the sooner they invest in securing their data, brighter are the chances of them thriving in the industry. The more smartly they invest in having a security strong ecosystem, the more value they can offer their customers and scale business.

-By Kartik Shahani, Integrated Security Leader, IBM India/South Asia