When startups are getting off the ground, they are worried about building and shipping products. Security is not usually a number one concern, especially if it’s not part of their core business.
It is only after time, and the acquisition of some enterprise customers, that a lot of startups realize the necessity of security, both for customers and employees in day-to-day operations. But how do they make a focus on strong security part of their daily culture?
Kai Gray, VP of Security at Carbonite, has worked with six or seven startups during his career. Along the way, he picked up a few tricks in how to implement security into a startup. Gray sat down with Dyn’s Jake McAleer, Director of Platform Operations, and shared some of them.
“One of the things that’s always difficult is trying to sell the investment in security,” Gray said. “It is not revenue generating per se and it’s much more of an insurance plan.”
Gray said one of the benefits of startups is that they don’t have a long history and unfortunately, that means they don’t have a memory of a security issue. He recommended bringing in people who have had those experiences and can tell stories about why they need to be avoided. He said once people realize this, it’s easier to make the extra effort on a daily basis. Eventually, this becomes the pervasive culture, which is then picked up by new employees.
Gray is a member of Dyn’s Thought Leadership Council (TLC), which meets yearly at Dyn’s corporate headquarters in Manchester, NH, to offer in-depth feedback and guidance.