Why startups should be focusing on security from day one
Thursday, February 18, 2016
Security mechanisms like encryption libraries are not just critical for big corporations like Apple to protect users from government and hackers – they’re also crucial for startups.
Startups need to train up in security during early product development to save themselves from trouble later down the track, Fastly chief security officer and former Mozilla CSO Window Snyder says.
Online startups should seriously consider making a small investment in security training as early as possible, she says.
“Any time in security training can improve your team’s ability to identify security vulnerabilities and eliminate them early on,” Snyder tells StartupSmart.
This security awareness during the initial design stage can help address key architectural issues before an “entire rewrite” of the product is required to move forward, Snyder says.
“I’ve certainly seen some of those and they can be really painful,” she says.
Snyder says that when security concerns and potential problems are addressed in the design process, making changes later on can be as easy as working on a whiteboard.
It’s awful the other way round, trying to back security into a product once it’s released and has users to take care of, she says.
“It’s worth spending the time now,” she says.
“It will definitely be rewarding later.”
Leverage security mechanisms like encryption libraries
Facing threats from the US government, Apple has emphasised the need for encryption to protect its users from hackers and criminals.
For startups, Snyder says using encryption libraries and other security mechanisms on popular platforms that have been tried and tested will ensure their products are designed to keep users safe.
She says startups should leverage such security mechanisms whether they’re using Windows, Rails or Linux.
“They’ve all got mechanisms that are going to be better tested than anything you end up developing,” she says.
Snyder says the strength of encryption libraries is revealed over time, so the most commonly used ones have a lot more resources to keep them secured and are inspected regularly.
“You don’t have to roll your own, which is dangerous,” she says.
As a security expert working for giant corporations, Snyder says that even with all of their expertise and manpower, it’s difficult to identify certain unguarded areas in these systems.
“Sometimes we’ll find vulnerabilities that have been in these crypto libraries for years and it’s not because we’re not looking, it’s because sometimes these things can be subtle,” she says.
Startups with small development teams will be even less equipped, she says.
“So don’t try and reinvent the wheel,” Snyder says.