When startups ask me for advice on how to secure their organization, the first thing I ask them is what their business, mission, and values are. You can't approach cybersecurity as a plug-and-play solution. The idea that you can call up a vendor, buy a software license and expect everything to be magically secure without any intervention on your side is unfortunately not realistic. The security and the future of your business depend on what your goals and targets are, and your security needs must reflect as such. If you are only thinking about security generically, you are very likely missing components of security that are unique to your business model and the customers you serve.
Whether your startup is setting up an innovative app for online commerce or is out to sell carbon offsets and donate the profits to an NGO, one thing is certain: each project has its unique mission and purpose. But what does your business goals, targets, values, and mission have to do with cybersecurity? Everything.
How your startup manages its data and customers' and partners' data not only defines its values but also helps establish cybersecurity architectures. Furthermore, data security can drive performance, improves insight and analytics, enhances opportunities, meet compliance, and help you avoid risks. Known as data governance, this is the pillar on which startups are built, whether they know it or not. Data governance can make or break your company.
In the simplest of terms, cybersecurity is just a component of data governance. Data governance is all about how you manage data in all its cycles, from input or gathering to storage, distribution, and disposal. Data governance is a framework every organization working with data should have. Whether your startup is small, medium or large, data governance is unavoidable—cybersecurity is merely the process of securing that data.
When you hear stories like the recent Uber breach allegedly done by an 18-year-old hacker, or when you learn that small U.S. counties, schools, or hospitals were hit by ransomware, you should know that these are not cybersecurity failures. They are examples of data governance gone wrong.
The impacts of poor data governance and data security extend well beyond cybersecurity: companies experiencing a massive loss of customers, unable to navigate the economic slowdown, or pivot supply chain disruptions. Legal challenges of data governance even affect big tech like Apple, Google, or Amazon, who are now once again facing pressure from European watchdogs. Data governance is at the heart of everything a company does. So how can you build good data governance and secure your data? Here are two concepts and a new technology that can inspire your journey and guide your work.
All Your Data is a Product
Where should you start when trying to secure your data? Start by looking at data from a different perspective. McKinsey brings a fascinating but not unique approach: data products.
A data product is usually known in the industry as a final consumer-based product developed by a company. For example, Gartner, Research and Markets, or even streaming on-demand companies sell data products. However, the concept of data products can also be applied as an approach to managing data. If you treat all of your data, whether internal or external, to be used to make decisions or distributed among your clients as a data product, you ensure the quality, efficiency, reliability, and security of all your data.
As a startup, your best data is probably reserved for use as a product. If you think about it, no company will release a product to the market without testing it, double-checking it for errors or misconfigurations, and ensuring it is safe and valuable. Treating all your data as data products is a significant shift in mentality and a necessary one.
Next in line is to align your business strategy, the mission, and the values of your company with your data governance framework. As mentioned before, your cybersecurity and how your startup manages data need to be designed to support your business goals.
Take Quick Wins with Your Data
The way to deploy and execute your data governance program is through your people, processes, and tech. Make sure you have the right people for the job, and that they are skilled or can be leveled up for the task. Why? Data is mainly a people business. Data security is not about your processes, your technology, or how secure your firewalls are. Data will flow through all levels of your startup through your people.
Once you have the right people and have set their data roles, they will be responsible for building the right processes and will inform you on the technologies they need to get the job done. As Accenture explains, data products can help organizations create new revenue streams, improve decision-making and boost efficiency; therefore, it is a competitive differentiator.
Treating all your data like a product may seem like a Big Bang approach, but it is rather about taking quick and fast wins. In the end, no matter how complex or straightforward your operation and business is, you will probably use data for two to five cases. Each case requires a team to develop data products for that specific case. For example, the sales and marketing team, the internal reporting teams, or the external data sharing team. In this model, each data team is responsible for cleaning the data, securing it, and managing it as a product.
This approach to data security brings benefits that traditional cybersecurity approaches—that only limit themselves to dealing with attacks—cannot even dream of providing. When top-level executives make daily decisions based on data products, the outcomes will be of higher quality due to the nature of the quality of the data that they are using. The same is true for every department or area in a company,
Data governance and data products simplify security, automate compliance, decrease risks, and boosts your startup's and workforce's performance. This is not a “once and done” solution; data governance continually evolves and benchmarks against milestones, targets, and progress.
Move from the Cloud to the Edge
Unless you have been living under a rock in the metaverse, you know all about digital transformation, global cloud migration, 5G, A.I., machine learning, and how every company today is a digital company. So naturally, when considering building your data architecture, processes, and systems, turning to cloud vendors who offer built-in cutting-edge solutions that keep everything secure while providing you with innovation seems the best fit. But it's not that cut and dry.
If you are running Big Data and need to run it live, no matter how attractive the cloud and 5G may sound, they might not be the ultimate solution for your business. Sending massive amounts of data from where you operate to distant cloud data servers consumes time and money and creates management and security risks.
Edge computing brings your data processing as close to your operations as possible. Edge computing is how leading companies can run complex data operations with faster speed, bandwidth relief, improved data management, and better security. Security is one of the main benefits of the edge. Data on the edge is not stored online but in the device, nodes, or edge centers, which makes remote hacking virtually impossible.
On the other hand, edge computing connected by 5G allows innovations like IoT and AI-driven applications. Retailers use edge computing to support instant payment in all locations, and banking and finance use edge computing to power biometrics, reducing fraud and increasing financial inclusion. Remote operations like oil rigs or mining use the edge to run IoT smart devices and sensors that automatically scan infrastructure in search of vulnerabilities, as Microsoft Azure reveals. The plasticity and power of the edge is endless.
When combined with automation and the tools of the cloud or hybrid cloud environments, the edge is key to unlocking your startup's potential and provides endpoint and IoT cybersecurity benefits. Only the most critical data in edge computing will travel to the leading data center for further analysis or business decision-making, this brings costs down and security levels high.
There is no arguing that cybersecurity solutions and a robust cybersecurity awareness program that strengthens the human element are necessary. However, these should only be a part of the wider data mechanisms.
A solid data governance strategy and changing your perspective on what data is (and why it’s the next commodity) is how you can secure not only your organization from an attack but ensure its future. Look at your data with different eyes, treat it as something more than an element that needs to be protected from a breach and your data will take you anywhere you want to go.
Taylor Hersom is Founder and CEO of Eden Data.