Dark Reading is part of the Informa Tech Division of Informa PLC


12/14/2020
10:00 AM
Amit Bareket
Commentary

Startups Should Do Things That Don't Scale, but Security Isn't One of Them

Emerging businesses that don't embrace scalable security do so at their own peril.

One piece of advice that fledgling startup founders often hear from successful entrepreneurs is to "do things that don't scale," an idea popularized by Paul Graham of Y Combinator. At first, it might seem confusing to recommend ignoring scalability, since any business process that isn't scalable becomes exponentially more burdensome as the business grows.

But focusing on scalability means deprioritizing the type of "above and beyond" efforts that help catapult startups into solvency — like relationships with a startup's first and most crucial customers. These will usually be won only with dedicated, personalized, and all-hours service that is anything but scalable.

However, there is one area where startups need to scale from the get-go: security. Emerging businesses that do not embrace scalable security do so at their own peril. Thankfully, building scalable security practices requires far less investment and effort than it once did.

Why Startups Need Scalable Security
Startups are especially attractive targets to hackers due to a combination of limited resources and the proliferation of business models that revolve around collecting customer data. In fact, research shows over 67% of companies with under 1,000 workers have experienced a cyberattack, and 59% were successfully breached.

Investing in scalable security is a startup's best hope at defending against an attack that statistics say it should expect. Lack of scalability in security detracts from efficiency and opens gaps in a startup's networks. It forces IT to preoccupy itself with the endless application of security to new resources and users rather than with optimizing or monitoring. In these cases, companies are often too busy working in the trenches to notice they've been hacked until it's far too late.

It's not all bad news, however. Security is no longer a zero-sum game. It has been commoditized into various products in recent years, allowing young companies to balance its risks and rewards by scaling in pieces that won't become obsolete or demand too much attention from IT.

Thinking Scalably About Security
Security processes like encryption, firewalls, and authorized access once required hardware and lots of work to operate at scale. They can now be easily integrated and extended across growing companies on demand through the cloud, but it's important to adopt security tools at a manageable pace while making sure they do not clash or require too much effort from IT.

One excellent way to strike this balance is to assess existing threats at milestones of growth, continually discussing the trade-offs between adopting or not adopting new security technologies. For a small business that sees every threat as an existential one, this can mean identifying its breakeven point on a sliding scale of risk and then, based on relevant factors, deciding which security solutions should be integrated next.

If your company is smaller than 10 people, for instance, it's worthwhile to adopt two-factor authentication and a cloud provider that will batten down the hatches on your resources to the point where hackers won't take interest. Once you're up to 20 employees, you likely have enough value to justify a permanent security hire and the firewall-as-a-service traffic monitoring solution they'll be responsible for. Past 50 employees? You might want to consider network segmentation and granular access rule management.

New Ideas Remove Barriers to Scalability
New practices, like zero trust, have gained traction over the past few years, as they provide a clear path toward singular, persistent models for scalability.

Zero trust is the idea that no user can be entirely trusted within your network. It uses widely available yet relatively new technology to help companies craft and automatically assign access policies based on user identifiers. Even young startups can piece together this type of long-lasting, scalable security foundation without many tools.

Scalable security was once a resource- and time-intensive process for startups and small businesses — all but unattainable. As security tools have evolved and new methodologies, like zero trust, have come to the forefront, startups are gaining access to technology and processes that can quickly and easily grow with them. With that in mind, startups might want to build one thing that does scale: their security.

Amit Bareket is the CEO and co-founder of Perimeter 81. Amit is a cybersecurity expert with extensive experience in system architecture and software development. He is the author of eight patents issued by the USPTO for storage, mobile applications, and user interface. Prior ...
 
