real time web analytics
Back Making Information Security a Business Advantage for Every Organization
Ingrum Putz
2018-09-065 min read

A common perception is that information security is simply a “necessary pain in the ass” that organizations don’t want to invest in, implement or think about until they get bigger. And even then, it’s often resented. Smaller enterprises and startups feel like they don’t have the time or resources to put into protecting themselves. That might appear unreasonable, but it makes sense that organizations just starting out might feel that way. Founders are trying to validate their ideas and get their businesses up and running...and it feels like a waste to invest a significant percentage of their cash in security solutions before they even know if they have a viable business!  How can they possibly justify any security investment early on in a company’s life?

Are You From The Past?

Many of the world’s biggest and most successful technology companies started out with almost no consideration for security in their solutions or in their corporate IT.  Some would argue that this is still the best way to get a company started...move fast, break things, and then play catch up when they reach a certain size. Others would argue that we’re worse off because of it...and the world is a different place now.

Today Now that data breaches are in the news every day, some startups think they need to spend years building a “perfectly secure” and “perfectly available” solution before getting it in front of potential customers and validating the idea...and, unfortunately, many find out too late that there is no market for their product. Ouch . Balance

There needs to be a balance between lean startup agility and designing security into a fledgling product and company. But again, how do you justify the security investment? It’s time to treat information security as a business enabler...or better yet, a sales advantage.

According to Barak Engel in his book Why CISOs Fail , the CISO needs to integrate security into an organization’s business operations...not block the business from functioning. The successful CISO understands all facets of the business so they can build security into its fabric...and make security a business enabler. It’s just logical.   What To Do

But what if you don’t have a CISO? If your organization isn’t big enough to justify hiring a CISO or a security team, all is not lost. You can still build information security into your business operations and create a healthy security culture early in your organization’s life. Your customers, employees and investors will thank you for it. Smaller organizations can use the following steps to get started with minimal investment:

Choose an individual to lead the effort (project manager, IT, engineering leader, product leader, sales engineer)
Get an information security management system with security and privacy policies and recommended controls (Yes, like Tugboat Logic)
Refine your policies to align with your business and support the organization’s functional areas to implement controls for compliance
Educate your organization about your security and privacy policies
Use your policies and controls to provide an assurance to your customers (RFPs and security questionnaires), investors (assessments and due diligence) and regulatory bodies (audits) that you are more than ready to do business with.
Get Secure. Build Trust. Sell More. Information security shouldn’t be viewed as inaccessible or a business inhibitor. Security is a business advantage and your organization should treat it that way. Investment in information security, for any size organization, will not only protect you, it will accelerate your business!
TUGBOAT LOGIC INC. © 2019 - BURLINGAME, CA, USA
,