Dark Reading is part of the Informa Tech Division of Informa PLC

10:00 AM
Amit Bareket

Startups Should Do Things That Don't Scale, but Security Isn't One of Them

Emerging businesses that don't embrace scalable security do so at their own peril.

One piece of advice that fledgling startup founders often hear from successful entrepreneurs is to "do things that don't scale," an idea popularized by Paul Graham of Y Combinator. At first, it might seem confusing to recommend ignoring scalability, since any business process that isn't scalable becomes exponentially more burdensome as the business grows.

But focusing on scalability means deprioritizing the type of "above and beyond" efforts that help catapult startups into solvency — like relationships with a startup's first and most crucial customers. These will usually be won only with dedicated, personalized, and all-hours service that is anything but scalable.

However, there is one area where startups need to scale from the get-go: security. Emerging businesses that do not embrace scalable security do so at their own peril. Thankfully, building scalable security practices requires far less investment and effort than it once did.

Why Startups Need Scalable Security
Startups are especially attractive targets to hackers due to a combination of limited resources and the proliferation of business models that revolve around collecting customer data. In fact, research shows over 67% of companies with under 1,000 workers have experienced a cyberattack, and 59% were successfully breached.

Investing in scalable security is a startup's best hope at defending against an attack that statistics say it should expect. Lack of scalability in security detracts from efficiency and opens gaps in a startup's networks. It forces IT to preoccupy itself with the endless application of security to new resources and users rather than with optimizing or monitoring. In these cases, companies are often too busy working in the trenches to notice they've been hacked until it's far too late.

It's not all bad news, however. Security is no longer a zero-sum game. It has been commoditized into various products in recent years, allowing young companies to balance its risks and rewards by scaling in pieces that won't become obsolete or demand too much attention from IT.

Thinking Scalably About Security
Security processes like encryption, firewalls, and authorized access once required hardware and lots of work to operate at scale. They can now be easily integrated and extended across growing companies on demand through the cloud, but it's important to adopt security tools at a manageable pace while making sure they do not clash or require too much effort from IT.

One excellent way to strike this balance is to assess existing threats at milestones of growth, continually discussing the trade-offs between adopting or not adopting new security technologies. For a small business that sees every threat as an existential one, this can mean identifying its breakeven point on a sliding scale of risk and then, based on relevant factors, deciding which security solutions should be integrated next.

If your company is smaller than 10 people, for instance, it's worthwhile to adopt two-factor authentication and a cloud provider that will batten down the hatches on your resources to the point where hackers won't take interest. Once you're up to 20 employees, you likely have enough value to justify a permanent security hire and the firewall-as-a-service traffic monitoring solution they'll be responsible for. Past 50 employees? You might want to consider network segmentation and granular access rule management.

New Ideas Remove Barriers to Scalability
New practices, like zero trust, have gained traction over the past few years, as they provide a clear path toward singular, persistent models for scalability.

Zero trust is the idea that no user can be entirely trusted within your network. It uses widely available yet relatively new technology to help companies craft and automatically assign access policies based on user identifiers. Even young startups can piece together this type of long-lasting, scalable security foundation without many tools.

Scalable security was once a resource- and time-intensive process for startups and small businesses — all but unattainable. As security tools have evolved and new methodologies, like zero trust, have come to the forefront, startups are gaining access to technology and processes that can quickly and easily grow with them. With that in mind, startups might want to build one thing that does scale: their security.

Amit Bareket is the CEO and co-founder of Perimeter 81. Amit is a cybersecurity expert with extensive experience in system architecture and software development. He is the author of eight patents issued by the USPTO for storage, mobile applications, and user interface. Prior ...
