10:00 AM
Amit Bareket

Startups Should Do Things That Don't Scale, but Security Isn't One of Them

Emerging businesses that don't embrace scalable security do so at their own peril.

One piece of advice that fledgling startup founders often hear from successful entrepreneurs is to "do things that don't scale," an idea popularized by Paul Graham of Y Combinator. At first, it might seem confusing to recommend ignoring scalability, since any business process that isn't scalable becomes exponentially more burdensome as the business grows.

But focusing on scalability means deprioritizing the type of "above and beyond" efforts that help catapult startups into solvency — like relationships with a startup's first and most crucial customers. These will usually be won only with dedicated, personalized, and all-hours service that is anything but scalable.

However, there is one area where startups need to scale from the get-go: security. Emerging businesses that do not embrace scalable security do so at their own peril. Thankfully, building scalable security practices requires far less investment and effort than it once did.

Why Startups Need Scalable Security
Startups are especially attractive targets to hackers due to a combination of limited resources and the proliferation of business models that revolve around collecting customer data. In fact, research shows over 67% of companies with under 1,000 workers have experienced a cyberattack, and 59% were successfully breached.

Investing in scalable security is a startup's best hope at defending against an attack that statistics say it should expect. Lack of scalability in security detracts from efficiency and opens gaps in a startup's networks. It forces IT to preoccupy itself with the endless application of security to new resources and users rather than with optimizing or monitoring. In these cases, companies are often too busy working in the trenches to notice they've been hacked until it's far too late.

It's not all bad news, however. Security is no longer a zero-sum game. It has been commoditized into various products in recent years, allowing young companies to balance its risks and rewards by scaling in pieces that won't become obsolete or demand too much attention from IT.

Thinking Scalably About Security
Security processes like encryption, firewalls, and authorized access once required hardware and lots of work to operate at scale. They can now be easily integrated and extended across growing companies on demand through the cloud, but it's important to adopt security tools at a manageable pace while making sure they do not clash or require too much effort from IT.

One excellent way to strike this balance is to assess existing threats at milestones of growth, continually discussing the trade-offs between adopting or not adopting new security technologies. For a small business that sees every threat as an existential one, this can mean identifying its breakeven point on a sliding scale of risk and then, based on relevant factors, deciding which security solutions should be integrated next.

If your company is smaller than 10 people, for instance, it's worthwhile to adopt two-factor authentication and a cloud provider that will batten down the hatches on your resources to the point where hackers won't take interest. Once you're up to 20 employees, you likely have enough value to justify a permanent security hire and the firewall-as-a-service traffic monitoring solution they'll be responsible for. Past 50 employees? You might want to consider network segmentation and granular access rule management.

New Ideas Remove Barriers to Scalability
New practices, like zero trust, have gained traction over the past few years, as they provide a clear path toward singular, persistent models for scalability.

Zero trust is the idea that no user can be entirely trusted within your network. It uses widely available yet relatively new technology to help companies craft and automatically assign access policies based on user identifiers. Even young startups can piece together this type of long-lasting, scalable security foundation without many tools.

Scalable security was once a resource- and time-intensive process for startups and small businesses — all but unattainable. As security tools have evolved and new methodologies, like zero trust, have come to the forefront, startups are gaining access to technology and processes that can quickly and easily grow with them. With that in mind, startups might want to build one thing that does scale: their security.

Amit Bareket is the CEO and co-founder of Perimeter 81. Amit is a cybersecurity expert with extensive experience in system architecture and software development. He is the author of eight patents issued by the USPTO for storage, mobile applications, and user interface. Prior ...
