Early in the life of most start-ups, many significant elements are overlooked, such as cybersecurity and Zero Trust adoption. Here, Alonso Bustamante, Senior Director, Strategy & M&A at Cloudflare, talks about what start-ups need to consider in order to build a reliable and scalable business.
New start-ups are emerging at a rapid pace. Companies House reported that almost half a million new businesses were registered in the UK from 2020 to 2021. From AI tools that hope to combat environmental concerns, to digital platforms that help people struggling with burnout, to innovations in the crypto economy and metaverse – start-ups are set to change things as we know them.
At the beginning of a business’ growth journey there is incredible hustle, creative problem-solving and making the impossible possible. But even the best new ideas won’t get far without establishing the right foundations. To get to each next stage of growth it’s crucial that any Internet applications (domains, social media accounts etc.) are secure and high-performing.
You wouldn’t build a house without considering anti-flood or fire risks from the beginning. Not considering security from day one of your start-up is the equivalent. Start-ups that are digital-native should also be cloud security-first. Security savviness, attitude and culture have to come from the CEO – living and breathing it from the top-down, from the start.
As a start-up, what do I need to do?
Know your assets. Begin by mapping all the business, employee and customer information you have and your Internet-facing assets, such as your website, email, servers, SaaS applications, databases and mobile applications. This is the only way you’ll have a true understanding of all possible security risk exposures (your attack surface area), and only then can you protect your brand, customers, product, supply chain, services etc.
All known assets can then be monitored, analysed, patched and updated as necessary, regardless of whether some are on-premises and some are in the cloud. And you can continually add to your map as your network expands. This unrivalled visibility of your infrastructure will set you apart early on, and with this foundation, you can ensure that security is hardwired into every aspect of your business’ operations.
Continuous monitoring and validation
Adopting a Zero Trust approach to your network security is a crucial next step once you have your assets in order. Zero Trust is a holistic IT security model that’s based on the principle of not trusting anyone by default and implementing strict access controls. Starting from your mapped assets, you can discover, categorise and control access to everything in your organisation, and prevent the use of unapproved applications too.
When resources are protected with Zero Trust access restrictions, users are only allowed to access resources after verifying details such as their identity and device and the context and policy adherence of each specific request as necessary. This is because attackers can be both within and outside of your network, so it’s best not to automatically trust any machine or user.
This might sound like it could slow you down but with the right technology provider, it doesn’t have to. Authenticating legitimate users, preventing unauthorised users or risky devices from accessing your files or data, or giving privileged technical users access to your critical infrastructure remotely without experiencing trade-offs is all safe and fast with Zero Trust.
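The per-request check described above can be sketched as a default-deny policy function driven by the asset map. This is an added example, not code from the article or from any vendor; every asset name, group, field and rule in it is a hypothetical sample.

```python
from dataclasses import dataclass

# Constructed asset inventory: names, tiers and groups are hypothetical samples.
ASSETS = {
    "wiki.internal.example": {"tier": "low", "groups": {"staff"}},
    "billing-db.example": {"tier": "critical", "groups": {"finance", "sre"}},
}
ALLOWED_COUNTRIES = {"GB", "IE"}  # assumption: sample context rule


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    mfa_passed: bool      # identity verified for this session
    device_managed: bool  # device is enrolled and known to the company
    device_patched: bool  # posture check: OS updates are current
    country: str          # request context
    asset: str            # resource being requested


def decide(req: Request) -> tuple[bool, list[str]]:
    """Evaluate a single request; nothing is trusted by default."""
    asset = ASSETS.get(req.asset)
    if asset is None:
        # Anything outside the inventory is treated as an unapproved application.
        return False, ["asset not in inventory"]
    reasons = []
    if not req.mfa_passed:
        reasons.append("identity not verified")
    if not (req.groups & asset["groups"]):
        reasons.append("user not in a group granted this asset")
    if not req.device_managed:
        reasons.append("unmanaged device")
    if asset["tier"] == "critical":
        # Stricter posture and context rules apply only to critical assets.
        if not req.device_patched:
            reasons.append("device fails posture check")
        if req.country not in ALLOWED_COUNTRIES:
            reasons.append("request context outside policy")
    return (not reasons), reasons


if __name__ == "__main__":
    ok = Request("alice", frozenset({"finance"}), True, True, True, "GB",
                 "billing-db.example")
    print(decide(ok))
```

Because the decision is recomputed for every request, a device that falls out of compliance loses access to critical assets on its next request rather than at the next login.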
Securing inboxes
The beauty of a Zero Trust approach is that it secures your organisation’s entire risk landscape, with layers of defence purpose-built to work seamlessly together. Email security must be part of this as one of the most critical of today’s business applications.
A staggering 316.9 billion emails were sent and received every day in 2021, set to increase to 376.4 billion by 2025. Email is one of the largest cloud applications for any business, one of the biggest security threats organisations face and the number one place where security threats often originate. Spam filters are not enough.
Primary risks are malicious phishing emails (an email that attempts to steal money, identity or personal information through a spoof website link that looks legitimate) and business email compromise campaigns (an email that appears to an employee to come from a known source, asking them, e.g., to wire an amount of money), both of which can be incredibly costly. The National Cyber Security Centre (NCSC) reported in August 2021 that phishing email attacks had cost UK organisations more than £5 million in the past 13 months.
However, it doesn’t have to be expensive or complex to mitigate these email vulnerabilities. There are providers that offer an easy way to block phishing, malware, business email compromise and other advanced threats. Mitigation techniques include blocking phishing attempts in real-time and proactively hunting for attacker campaigns and domains impersonating your brand.
Building in high-performance
You should also build the Zero Trust mentality into systems and code as you develop products – not as an afterthought at the end of a development life cycle.
Serverless technology – such as Cloudflare Workers – means start-ups can build and run applications without maintaining or configuring infrastructure to run code, manage data and integrate applications. You just write the code and then it’ll be deployed across the globe in milliseconds to your users, delivering exceptional performance, reliability and scale.
This enables start-ups to adapt to customer needs fast. Your developers can build high-performance, low-latency applications that automatically scale from zero to peak user demands.
Planning for growth
As a start-up leader, you have enough on your plate without worrying about the possibility of a cyberattack or an outage. Achieving a cloud security-first culture is a must from day one. With a centralised solution for security, performance and reliability, and a Zero Trust approach at the heart, you’ll be set up for long-term success.