Manjula security for startups
Download as PPTX, PDF0 likes473 views
The document discusses the importance of security for Indian startups, highlighting when it is relevant and the need for proper measures such as authentication and encryption. It presents case studies illustrating security failures in startups and stresses that security is a continuous process that must be proactively managed. Ultimately, it emphasizes preparing for potential security threats rather than reacting after incidents occur.
Manjula security for startups
- 1. + Security for (Indian) Startups Manjula Sridhar
- 2. + Agenda ! Why and When does it matter ? Real Security Needs v/s FUD ! Case Studies ! Take Away !
- 3. + Why Security ? Most folk’s attitude towards security is similar to that of exercise and diet. Startups are no different may be even worse !
- 4. + When is Security Relevant ? Enabler to Business Payments and allied services (all online ordering ones) E-commerce Legal/Regulation mandated Healthcare, Legal Banking and Finance Prudent / Good to have (Privacy, Bad PR) Facebook, linkedin Portals
- 5. + FUD is irrelevant to Startups Limited Budget or No budget. Focus is on getting up and running somehow. Any publicity is a good publicity (Have heard cases where founders themselves planted fraud stories)
- 6. + Case Study 1 : A well-known cab company Technology Hack Well publicized event of an ethical hacker hacking the API due to lack of Authentication and encryption. He was able to access the servers/DB as well as the credit card info of the customers stored there. He also claimed he could recharge his mobile wallet. Huge negative publicity ensued and the cab company issued a clarification saying it is only their test bed and not production system that stores the actual customer data etc. Social Engineering Driver collecting the money multiple times for the incentives.
- 7. + Case Study 2 : A Legal Process Outsourcing company A LPO startup with Indo-US operations dealing with a patent case in US. Disgruntled ex-employee got a document (supposedly stored) in a secure vault (and only available for viewing) sent a mail through fake email to the opposite party of the legal case claiming to be in possession of the document. The opposing party did the right thing and showed it to the judge and the judge froze the case and ordered the LPO to address the issues. The client cancelled the contract and they had to struggle to show that they indeed followed all the process.
- 8. + What is the bare minimum security ? Authentication Encryption (https) Backup / Disaster recovery Logs Fraud Management Compliance and Certificate Software Development Security Privacy
- 9. + Prudent View Security is continuous process. Best infrastructure and technology doesn’t guarantee no hacking as weak processes and people issues may defeat them. Security is a stance; it is best to have one and prepare for the eventualities rather than get caught in the attacks and then scramble. The stance after understanding the detailed risk profile could be Cross it when it comes, Mitigate and continuously reduce Insure against. Which one is yours ?