Security like a start-up? Better not!

Recently I stumbled upon a blog post with a title starting with the words “Do security like a start-up…”. That rang my inner alarm bells! When reading the post I became relaxed again. It was about the need for business and IT to work together and the recommendation to look for more generalists rather than specialists – both aspects I fully buy in to even while acknowledging that good generalists are a rare species.

But coming back to the title…

Interestingly the post was published just around the discussion of the severe security issues of WhatsApp. WhatsApp is just another example of a start-up which failed in providing a secure implementation. And WhatsApp is just another example in a long series of start-ups which greatly failed in security.

If “security like a start-up” would be about having all people -  business and IT - security-trained, that wouldn’t happen to such an extent. The problem is that start-ups typically don’t act like they are described in the other post, at least not when it comes to security.

Probably the better title would have been: “Start-ups should also apply the strengths of start-ups to security…” Until that happens, you better be careful when it comes to security when evaluating start-ups or actually using their software and services. I have seen too many of them (outside of the security-related start-ups) with a horrible lack of knowledge about security and thus ending up providing inherently insecure software. And these days, where security has become a major concern of everyone from the end-user to the enterprise, that has to change.



KuppingerCole Select

Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.

Stay Connected

KuppingerCole on social media

Subscribe to our Podcasts

KuppingerCole Podcasts - listen anywhere


How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00