Tech Startups Add These Product Security Features Right Now

Our LS/IQ virtual CISO customers often struggle to balance building new features against spending time on security features. Engineering managers in small tech companies always prefer to sit down and code the next big thing to sell their product.

Adding security controls early in a product life cycle rarely seems interesting and is rarely enough to capture investment. However, adding product and infrastructure cybersecurity features now is far less expensive than adding them later.

Our LS/IQ Virtual CISO guides engineering managers in making strategic plans for implementing cybersecurity features in a product. In short, the Virtual CISO makes engineers heroes when it comes to cybersecurity product features.

Here are four quick tips on features to add right now that have both engineering and cybersecurity value.

Implement encryption on everything from the beginning
At one point in time, engineering could make reasonable arguments not to implement encryption everywhere. For example, it was once accurate to state that encryption caused processing overhead and that certificates were too expensive. Both statements are rarely accurate anymore. It is far less costly to add encryption now than later. Using encryption also helps to reduce the risk of data exfiltration.

Use 2-factor authentication on everything
Enforcing 2-factor authentication on all systems is one of the least expensive and most valuable methods to strengthen user access authentication. Besides, with so many reputable 2-factor authentication products and services on the market, implementation costs are relatively low.

Centralized logging
On day 1 of any new project, set a standard configuration where all systems and applications log all information to a centralized source. Centralized logs aid in the development and error handling processes. Also, having centralized logging creates a significant benefit in the detection of potential nefarious activities.

Recalling the adage “that which is measured improves,” it’s essential to start measuring on day 1. From an engineering management perspective, track standard metrics such as the effort to build features and the team’s velocity. For cybersecurity-related metrics, try measuring the number of bugs, the number of vulnerabilities found in open source tools you may be using, how many commits are peer-reviewed, and how much of the code has passing tests.

We completely understand that cybersecurity is not always top of mind on new projects. Everyone falls into the same situation at some point in their career. The LS/IQ virtual CISO is there to help you better understand when and where to add security measures in infrastructure security and product development. Sign up for your own demo of our Virtual CISO.