I’ve been doing security for a long time now, probably more years than I would be happy counting. Despite the number of advances we have seen during that time in terms of technology and process approaches; there remains one factor that has stayed unchanged.
Security is expensive.
As I am the founder of a security company, your hypocrisy radar should be beeping as you read this. Don’t I sell into this industry?
We are not happy
The thing is, while we as a company have to pay bills and staff, we don’t like the fact that our industry is largely unavailable to 75% or more of businesses.
Companies who don’t have an IT team, security person or security team.
Companies on tight budgets
Companies who are small or growing
Companies that wouldn’t know what to do when faced with the wall of ‘information’ a security firm will give them.
This makes me sad. Did you know that there are over 400,000 small to medium businesses in New Zealand alone? They provide jobs, services and products, often quietly and without fuss.
Don’t you find it strange that we have made security largely unavailable to them? Excepting a few non-profit groups like NetSafe, they get little practical help.
Big companies are made up of small companies
The reality is, while we seperate our enterprises from our SMBs, we tend to forget that the enterprises rely on these small companies to get stuff done.
When our eco-systems smallest entities are vulnerable, our largest entities inherit this vulnerability without realising it.
Where is the empathy?
We are a small business. We meet many of the same challenges faced by SMBs everyday. We have a fair idea of what it means to be in their shoes.
When we come to buy software for SafeStack we are often too small to buy. We don’t need 200 licenses and we don’t have tens of thousands of dollars per year for licenses.
We know how frustrating this is.
I love that the world is becoming more aware of the importance of security, but for these smaller groups we are telling them about a problem and putting the solution out of reach.
We taunt and tease them rather than help.
Blah Blah Blah business profit margins blah
At least one of you is sat rationalising this. Scaling is hard you will say. Teams cost money. We can’t save the world, we have to save a few.
Nobody wants to admit that we are making this choice for profit reasons not for the betterment of security. It’s the truth though.
We run our businesses on margins and profits.
What about the smaller companies
There are many great non profits and volunteer groups out there that provide open source and free tools for people who are keen to get stuck in themselves. In fact I recently gave a talk at NDC Sydney about bootstrapping security if you have the enthusiasm but not the resources. You should check out the video when it gets released for some tips and tools you might want to consider.
SafeStack is trying to get stuck in here too. This week we launched the closed beta for our first product (http://dfend.io) which is a step towards providing basic security tools for small and fast moving companies that may not have the time, resource or budget for anything else.
Our tools will not be complex or sophisticated. We will not be changing the world nor will we show you the hidden cyber enemy.
We will however promise to do our best to bring simple, effective security to anyone who needs it. We hope to grow this out into a suite of simple things that can help any organisation get better at security.
At SafeStack, we don’t believe that security is something you only need when you are big. We don’t believe that you have to spend thousands of dollars to do it.
We believe that everyone needs security so we should find ways to make security for everyone.