Starting a new business by definition is risky. It’s why early on in Silicon Valley you heard that catchy, albeit completely ill-conceived motto of ‘fail fast, fail often.’
But while entrepreneurs understand many aspects of the careful balance of risk versus reward – the successful ones anyway – consideration of the security of systems and data often comes later. It’s not ignored, mind you. But whether it’s a line item in the business plan presented to venture investors is another story.
Shouldn’t it be though? Considering how vulnerability management evolves right along with a business’s growth trajectory, shouldn’t every milestone in business expansion bring new security considerations? From startup, to small business, to mid-size business to enterprise: how does a company evolve its investments and priorities to ensure security keeps up with expansion? Vice versa, how does a startup avoid overinvesting too soon, sacrificing pressure dollars?
That is the puzzle that I’ll be tackling with Michael Smith, CEO of Rising Tide Cybersecurity Management, during SC Media’s Vulnerability Management Virtual Conference, Dec. 16-17. And it is a puzzle. As Smith told me recently, enterprise security is built for stability, while startup security is built for speed. But in all cases, investment in vulnerability management can make or break a business – depending on whether it’s done right or done wrong.
Consider the company developing a health care app; certainly, that company will need to comply with HIPPA regulations in its handling of patient data. But it might not make economic sense to filter those venture capital funds into compliance during the early days of app development, before the business even has any users. Of course, do it too late and the company could fall behind on the plan for rollout. Consider too the small business looking to get acquired: invest too much in security and watch your liquidity disappear; invest too little or invest wrong, and market value takes a hit.
Like I said, it’s a puzzle.
Be sure to register to catch my conversation with Smith on these very topics, and while you’re at it, tune in to hear Brandon Hoffman, chief information security officer at Netenrich; Malcolm Harkins, chief security and trust officer at Cymatic, and many more incredible speakers as we break down the modern-day security leader’s approach to vulnerability management.