Golden Frog’s Co-CTO Phil Molter was recently interviewed for a Built In Austin article about security for startups. Phil’s responses are below, and you can read the full article here.
This article originally appeared on Builtinaustin.com, and was written by By Colin Morris.
With the mounting threat and liability of security breaches in today’s tech landscape, no startup can afford to launch without a security plan. And with privacy, usability and regulations to consider, there’s no such thing as a one-size-fits-all approach.
With Cyber Monday looming, it’s more important than ever to have your affairs in order.
We asked the experts at three Austin tech companies focused on security and identity management what matters most when you draw up your company’s plan. The Q&As below should help you find the right questions to ask, the constraints to consider and the new trends you should know about.
What security standards matter the most when building an online community?
When building an online community today, the most important standard is simply to encrypt all communication and data. This allows for protection of user privacy and security from eavesdropping. That makes the TLS (Transport Layer Security) protocol the most important standard for network communication, and the AES (Advanced Encryption Standard) encryption ciphers the most important standard for data encryption. Encryption doesn’t solve all of the security problems, but if you don’t start with it, all your other efforts are compromised.
What are the most important questions a company should ask when making decisions about security features and safeguards to implement? How do you evaluate risk?
Companies really need to ask how they can be compromised and what information can be obtained. Companies tend to focus on external threats, whether they’re active like malicious hackers or passive like government eavesdropping. Companies can just as easily be compromised through internal channels as well. Target, for example, was compromised through an internal vendor. We call these the attack vectors, and asking what they are and working to minimize them is key to security.
What are some ways to balance security with convenience for users?
The misconception is that security and convenience are mutually exclusive. In fact, improving convenience for users can actually enhance security, because it makes it easier for them to protect themselves. Tools like Golden Frog’s VyprVPN make security more ubiquitous because they make it more convenient. The best way to balance security with convenience is to make security more convenient, not to sacrifice some security for convenience.
Tell us about some emerging technologies in this area. How will they impact security?
Zero-knowledge protocols, which allow service providers to provide data transfer services without any access to the data itself, are really coming to the forefront of the privacy and security debate. Messaging apps like Golden Frog’s Cyphr are making use of it to provide secure and private individual and group conversations. Even Apple is pushing this technology to protect their newer iPhones and iPads. This technology and the mindset behind it is pushing security and privacy control to the end-users. People no longer have to trust an intermediary to treat their data securely.