A Free Security Program for Startups

Rishiraj Sharma
Published in SecurityEscape, Nov 14, 2017

SecurityEscape is a SaaS-based information security consultancy that combines cloud-based vulnerability identification, industrial expertise and an artificial-intelligence approach to aid organizations facing complex security challenges.

Our key areas of service are application security assessment and penetration testing, with a mission to establish a healthy outlook among entrepreneurs to help them perceive the significance of information security right from the beginning of their app development lifecycle. Our journey began with the delivery of cost-effective information security solutions to an overseas customer base, mainly organizations from the USA. We have served diverse customer areas including healthcare, finance, e-commerce and a wide range of other sectors.

Since late 2015, after witnessing significant growth of start-ups in the Indian business community, we decided to bring our expertise to India. However, making a difference required research into the Indian attitude towards information security. The key to this was to understand where the Indian market was heading with information security requirements, not only for enterprises but also for SMEs and start-ups. Our research focused mainly on understanding the crucial viewpoint of the native market; for instance, how information security affects Indian technology businesses and what measures are taken to address this. Since there aren’t any cost-effective or easily accessible solutions around, it was also very important to learn how young organizations and start-ups were tackling this problem.

Based on our market research at the time, we reformed several important aspects of delivering information security solutions, and reorganised our modus operandi into a dedicated security platform. The platform alone was, however, not sufficient to address SMEs and start-ups, and thus the idea behind our start-up program was developed.

To understand the core fundamentals of our start-up program, it is important to learn the agenda behind our approach. Our agenda is based on how young Indian companies react to information security, and how their view of information security differs from that of global-scale organizations.

Some key highlights of this research are:

1. Most organizations in India, large-scale enterprises as well as start-ups, don’t see information security as a real problem. Many of these companies believe their existing technical team is well-qualified to handle all security problems, while others see security as a one-time action and not — as it really needs to be — a regular process.

2. Most organizations are unaware of security exposure in their application’s architecture. They are under the false impression that their product/app is secure and security doesn’t require immediate attention.

3. Major technologically powered start-ups and enterprises do not have robust processes to defend sensitive customer data from a security breach.

4. Even when an organization is concerned about security of their online products, the priority given to getting a security assessment is low due to the lack of technical qualifications, budget, or because precedence is given to other development changes.

5. Three of every five technologically powered start-ups in India suffer from major security weaknesses in their primary business product (e.g. mobile and web applications).

The above points were a result of our research, a major part of which was to reach out directly to start-ups and guide them on their security postures. The primary objective was to attract start-ups towards information security, as this particular segment seemed to be the most vulnerable in the entire industry. To give an understanding of these claims, we have handpicked two case studies:

Case #1, A Fin-Tech Start-up:

During 2016, we proposed our security solutions to an actively growing fin-tech start-up. After discussion, we conducted free demo assessments and shared the results, which showed that their platform was riddled with critical security loopholes and required immediate attention. In the event, the start-up chose not to take our solutions, nor did they tell us why.

After a few months, their CEO expressed his concern to us about a threatening email from a ransom-seeker. The person behind the ransom email had breached their security and taken sensitive information about their platform users. When we asked about their unresponsiveness during earlier discussions, we learned that the organization did not have enough budget in place and so pushed security to the bottom of their to-do list.

We collaborated with their team and helped them to identify and address multiple critical vulnerabilities which were the reason behind their security breach. We helped them to:

1. Identify and address multiple critical security vulnerabilities.

2. Understand the importance of regular security assessments.

3. Take steps to avoid loss of sensitive customer data with required encryption.

4. Achieve compliance and certification with the required industrial standards.

This organization now has more than 50,000 active users, and there has been no subsequent successful security attack. To help them overcome their cash crunch without compromising security, we decided to provide them with a three-month free subscription to our services. This also helped plant the idea of information security in their developers.

Case #2, An EduTech Startup:

In another event, we discussed security solutions with a rapidly growing educational technology startup, with over 80,000 active users on their platform. This organization turned us down without seeking a demo report, stating that they considered themselves to be in a major developmental stage and would contact us when they felt ready to undergo a security evaluation.

A few months later, they contacted us directly. We learned that they had suffered a major website security breach compromising critical customer data, and suspected the data might soon be made public. While reputational damage is inevitable in such cases, we took all necessary steps to assist them with immediate security evaluation and mitigation of all identified risks.

This organization opted to be our long-term customer, and with steady growth they now boast over 100,000 users without encountering any further undesirable activity with their security.

Our recently released data on customers’ insights into their applications has helped us uncover critical loopholes and fix application vulnerabilities in a number of industries.

Impact of Digitalization on Industry:

We are in the second decade of the 21st century. Almost everything is now digital, and what is not yet digital soon will be. The way business is done today means that no one has a choice. That’s great — it introduces a world in which service is better than it ever has been, and “the customer is king” is a reality and not just a slogan. But transformation to a digital business has brought threats as well as benefits. Companies at risk are those with no security parameters, and those who think they are safe because they have security, but it isn’t adequate.

Start-ups didn’t need any transformation process — they were digital from the start with their core technologies — but they are still threatened by attack because of security elements that should be there and aren’t.

Startup Program:

In their developmental stage, startups don’t have a big technical team. They don’t have the money to cover every single thing they need to do. And, very often, what gets left out is security. Leaving out security can be fatal. That’s why we announced our Startup Program to let boot-strapped startups build secure applications right from the start.

Our program is focused on close collaboration with start-ups to build a secure application architecture with regular assessments. We will mentor and guide startups to make sure their applications comply with privacy laws and that they have all the certifications they need. Start-ups will also have priority support from our leading experts.

A young company cannot afford to compromise customer data, because a young company that does that won’t live long enough to become a mature, established company. Since we began, we’ve learned a number of lessons. They’ve helped us to build a seamless solution for your security problems.
