Three Reasons Big Companies Should Work With Security Startups

POST WRITTEN BY
Lior Div
This article is more than 9 years old.

Companies spend millions of dollars on information security, but still fall victim to damaging cyberattacks. There are two main reasons for this. One, corporate information security is, for the most part, still an arms race in which organizations rely on an arsenal of point products that, when deployed in unison (at least theoretically), deliver “defense in depth.” Two, hackers constantly evolve their tools and tactics in order to evade detection, invariably finding ways to circumvent, trick or otherwise work around even the most promising security technologies.

This dynamic places chief information security officers (CISOs) on a hamster wheel. Product investments are costly and time-consuming, only to have their long-term value/ROI degraded by changes in the threat landscape. Addressing those changes usually requires additional investment in more new technologies that need to be integrated and aligned with existing defenses. The complexity of managing these systems is formidable, requiring highly skilled staff with a working knowledge of specific products as well as the ability to determine how those products can and should work together.

Adding to an already complicated buying environment is the fact that FUD (fear, uncertainty and doubt) is still the primary sales tactic for selling cybersecurity. It is too easy for sales reps to get in the door with a well-crafted pitch that details how their product can prevent their company from being the next Target, Sony, UPS, JPMC, etc. They may not be wrong, but it injects cynicism and distrust into the sales cycle.

Then there is the time-to-market conundrum. New technologies almost always need significant upgrades as critical functionality becomes evident. Larger security software companies, due to their size and the need to cater to a sizable customer base, tend to be slower to respond to shifting customer requirements. Security startups are more agile and can meet customer requirements faster, but large companies can slash prices or give away new features/functionality for free, even if that functionality isn’t as developed or robust as a competitive solution.

While large companies are just as committed to innovation as startups are, most invest in innovation via acquisition, not incubation, which means the future of infosec relies heavily on the ability of innovative start-ups to create and validate new approaches to securing digital assets. While working with young companies has its own set of risks, more often than not information security practitioners are more than willing to work with them, because working with startups offers three big benefits:

Influencing Innovation

Startups are the ground zero for innovation: it is where the seeds of innovation typically are, as they constantly question the status quo and apply creative approaches to solving a specific problem. Being an early adopter gives the buying organization the power to influence and shape new technologies without having to build them in-house. Since startups are by definition more agile and their solutions are early-stage, the technology matures faster than solutions from larger companies. Working alongside a startup is also a great opportunity to learn and keep up-to-date with the latest and greatest technologies.

Interacting with Top Talent

Startups attract the best talent and are known for employing individuals with more hands-on experience. Typically the culture in startups is more open than in larger companies. Startups are more conducive to cooperation and mutual learning in order to turn a vision into a product. In addition, being close to the hacker community is key for developing products that are relevant to today’s adversaries, and security startups typically have better chances of hiring ex-hackers who have a deep understanding of the adversarial mindset. The best big-company customers treat a startup as an extension of their own team and use their knowledge and expertise to train in-house staff.

Receiving Exceptional Customer Support

While the common belief is that larger companies provide better customer support because they have robust teams and systems in place, this is not necessarily the case. There is true value in being an early customer rather than being one of thousands. To larger companies, you are as valuable as the amount of revenue you bring in, while to a startup, their customers provide far more. Startup customers tend to be design partners and provide vendors with unfiltered knowledge and feedback, network/market access, a testing environment for the product and opportunity for integration with other solutions. This unique customer-vendor relationship, when combined with the overall startup culture and attitude, ignites a strong desire within the company to excel and delight the customer.

Mitigating The Risk: What To Look For In A Startup Product

When an organization decides to be an early adopter of an emerging technology, there are always risks. However, one can mitigate these risks by focusing on solutions that:

  • Show Immediate Value In A Short-Term Proof Of Concept (PoC)

Testing the product in your own environment gives you the ability to evaluate its value in the context of your organization’s business processes and operations.

  • Can Scale Up According To Your Needs

When working with an early-stage company, there is always a risk that the technology is still not mature enough to scale. To mitigate this risk, adopt a “Land and Expand” strategy. Start with a small deployment and then incrementally expand to a broader environment. Set clear milestones and success metrics with the vendor for each phase.

  • Require The Least Amount Of Customization And Configuration

Time to value is an essential element in getting faster results. When working with a startup, look for solutions that can provide immediate value and do not add a significant management burden on your team. This should translate into “quick wins” where you can demonstrate the value of the product up the food chain.

  • Are Built To Integrate With Other Products

There is no single silver bullet for security, so look for companies that have a sense of where their products will fit within a larger ecosystem and that leverage APIs and other means to make it easy for their customers to maintain true “defense-in-depth.”

Lastly, when working with a startup one should also assess their future and value in the long run. Startups are usually strong on vision, but their ability to execute is still unknown. So do your due diligence: make sure to ask about their financials, long-term roadmap and exit strategy. Even if a company says it plans to IPO, most security start-ups are acquired, so whose support queue you’ll be calling into 5-10 years down the line is an important consideration. Start-ups that are confident about their long-term prospects will not balk at these conversations, so listen carefully. The most successful startups not only deliver innovation…they sustain it.