CSO Online, October 9, 2018, with comments by Atiq Raza;
Cybersecurity startups are in a unique position to assist organizations with their security. They can move and react more nimbly to situations and bring innovations to market quickly, sometimes faster than their larger competitors. They sometimes can be more available and provide more customized services.
But there are risks as well. Perhaps their financial situation won't be stable for the long term, or they may be bought out and their technology changed or discontinued. Or, despite best intentions, they could make errors that aren’t in the best interests of your security.
To avoid these downfalls, CSO gathered feedback from security professionals and veterans in the cybersecurity industry to form a list of 7 best practices for working with cybersecurity startups.
One of these professionals is Atiq Raza, who has experience on both sides. Currently, he’s CEO of Virsec, a Silicon Valley cybersecurity startup. But previously he worked for large companies, including being president of AMD for a time.
On the subject, he shared, "I have managed major organizations with hundreds of key vendors. For some functions, you want conservative, well established vendors with a long track record of doing one thing very well. But for many functions, including security, you also need the latest, most effective and most innovative solutions – typically from younger companies."
He continued, "There are inherent risks to working with smaller innovators, but for the right pieces, smart organizations recognize the benefits. That includes flexibility, speed, creativity and ability to innovate. By not being locked into a fixed mindset or methodology, and not being tied down by existing technology, they have the freedom to be disruptive, challenge assumptions, and create the first generation of game-changing technology. This is why startups routinely beat established companies in driving new markets.”
For continued advice, CSO assembled the feedback from its interviewed professional experts and compiled the list of 7 best practices below for working with cybersecurity startups.
1. Perform a due diligence check
2. Be prepared for a larger company to acquire the startup vendor
3. Look for real-world use cases
4. Check the technical and business backgrounds of key personnel
5. Try both product and support before you buy
6. Evaluate the startup’s own security practices
7. If you can’t vet properly, go with an established vendor
See full CSO Online article for complete details on each of the 7 practices.