If you’re starting a small business, then you’re probably going to be utilising cloud technologies, for cost saving if nothing else. But without security, your ambitions could be over before they have begun.
A new whitepaper from the Cloud Security Alliance (CSA) aims to help software as a service startups build solid security foundations early into the product development cycle and gain customer trust in the process.
The key for startups, according to the paper, is to plan their security posture according to the progress they make in funding and product development. In the inception phase – when money is tight – startups need to focus on laying building blocks for potential security need. When the first paying customers arrive, the strategy should accelerate, and then when the company has a solid presence, a more mature security posture needs to come through.
There are various tips throughout the paper. For a start, the CSA recommends organisations be transparent about their security. “Offering your clients some useful security insights regarding the best ways to integrate your service into the client’s environment may position you as a trusted advisor,” the report notes. “This proactive approach may help you earn your client’s appreciation when they go to evaluate your company’s security risks.”
Another key is for organisations to understand the shared responsibility model – a bugbear this publication has frequently noted – as well as considering deploying to more than one region in its cloud provider platform to increase resilience to region-level failures.
“In today’s risk environment, young startups find themselves challenged on how to best align security with current and future business growth,” said John Yeoh, research director at CSA in a statement. “In creating this paper, we hope that startups, regardless of industry or geography, will find it a valuable tool in understanding, addressing and applying trusted and best practices for creating a secure computing environment.”
You can find out more about the report here (registration required).