Information Security is booming, it is a large business, with software and technology that can be bought off the shelf and slapped onto a network. Policies, procedures, documented steps for everyone from service desk through to management responses to incidents are fairly well established. We have ISO standards from ISO 17799 and 24001; we have rules like HIPAA, SOX, and GLB.
We have available to us everything we need to develop a well run, well documented information security department.
Web 2.0 companies are often small, niche, and provide a lot of connectivity to back end systems across multiple partners and multiple systems. In the Limiting Web 2.0 API’s article, and Web 2.0 startup information, the barriers of access to starting a web 2.0 company either through bootstrapping or angel funding is not hard to accomplish.
With lower barriers of access, more companies are going to show up on the internet providing a mashup of various API’s, and various levels of functionality.
The security part however from what I have seen is often overlooked in favor of getting the company on the net, getting the population to use the technology, and working to be the next MySpace or YouTube.
The interesting part about MySpace and YouTube is that information security, privacy, intellectual property protection, and other information security issues are and have been a secondary thought to making it big and being bought out. While MySpace and YouTube are classic examples, the security principles around web 2.0 can be incorporated early on in the process, but there is a lack of implementation in web 2.0 startups that is obvious.
The focus of having simple, implimentable information security in a startup company, where the needs of the company blend in with good solid implimentable information security is required. These small companies need the creative information security person, who understands business, understands what the company is trying to do, and enthusiastically embraces the business while doing what is needed to keep customers, users, and the business safe.
Looking at the back end API’s, command sequence structures, processes, UI development, JavaScript development and working through issues from systems management, to security management, through to the end user experience. Start up Information Security folks need to do this and more, including installing, running, and maintaining information security equipment and sensors.
Being a multi threaded information security person in a startup, or startups that hire contractors to review code, network and API’s, the technology is fascinating.
Over the next year, we will be focusing on the best of the best, small start up companies that are doing something amazing, doing something new and original, while maintaining attention to the user experience, and safeguarding user data, or providing protection mechanisms around their own or barrowed API’s.
This is one of the best times to be in the information security business, with many smaller companies that can benefit from taking a proactive stance towards information security. The demands on the industry for smarter and faster information security consultants or in-house assets are going to increase. This will require a large number of highly creative information security people with business acumen and solid skills.
If you have a start up company that incorporates information security as part of the business process, and wish to be interviewed, please contact me at this blog and let me know, we can set up a 30-minute e-mail interview.
