editione1.0.0
Updated October 9, 2023You are selling more, you are serving more customers, and there are way more “things to do” in your world that you could possibly imagine. The more you grow, the faster you go. Whether that is truth or perception, it doesn’t matter—your world is not slowing down anytime soon.
This can introduce the following security challenges:
Monitoring and spotting issues. Have you ever been working so hard and going so fast that when you finally come up for air you are surprised by how far you have come? That’s common when we are pushing hard and scaling. This focus (required to succeed when growing) can also lead to a tunnel vision where we don’t notice what is going on around us. As the team grows, this problem gets worse, as it’s now more and more difficult to get to all the meetings, meet with all the project teams, and understand what is getting done around you every day. All of this means that issues can crop up unexpectedly and you may not notice—including security ones.
Cutting corners, inconsistency, and shortcuts. Ever been trying hard to get something done and found yourself slowed down or frustrated by the process you need to follow? Of course you have, it’s human nature to try and find the easiest way to get a job done (and not in our nature to always choose the path with the best quality outcomes). Securing our organizations often involves introducing more processes. Even when very carefully done with a focus on enablement, these can cause frustration. There will always be times where people (including you) cut corners and avoid processes. There will also always be times where you or your team are distracted, and make bad decisions or make a mistake. The more you grow, the more this will happen.
Fighting human nature is a terrible idea. Rather than trying to stop people from making mistakes or cutting corners, make the secure path to getting something done the easiest path to take. Reinforce this by monitoring as much as you can so that if something does go wrong, you can respond quickly.
There isn’t a tool or product on earth that meets every customer’s needs the first time, so you are likely to be iterating quickly to get to the ideal product-market fit. The things we don’t get around to doing on the way, we call technical debt.
As you iterate, your product will grow and become more complex. There will be compromises made and technology decisions that seemed like a good idea at the time.
This can introduce the following security challenges: