Growing your business with better and lean IT risk management
Secure your startup success
- Give your customers and investors assurance
- Develop faster, deploy more
- Don’t lose your business to hackers
You have customers, you are growing and innovating and software is an important part of your business. It is also likely that this software is online and is driving your business revenue.
That means that risks to that online software are a direct risk to your business. I am here to show you how to avoid these risks and get a more successful business in the process.
Why should you worry about IT risk if you are involved in running an online software company?
It is a USP
Even though your service is very beneficial to your customers, it also constitutes a risk to them. You are part of their solution, but also part of their problem. They have their own IT risk management to do, and they have just outsourced some of their IT to you. Demonstrating how you mitigate those risks can actually be a strong selling point. Security sells.
Security may be your USP (Unique Selling Proposition). Your customers have to abide by the law as well. There are a number of ways in which you can demonstrate this. ISO27001 and the Cloud Security Alliance’s STAR certifications are examples, but more light-weight approaches also exist.
Your investors have a significant stake in your company. They take calculated risks, and your evolving on-line service is quite enough for their risk appetite. They don’t need more risk. They don’t need the additional risk of you cutting corners on the IT risks on top of that. Are you proactively demonstrating to them how you are in control, or do you want to get grilled at the next board meeting?
Grows your company
Better risk management often goes hand in hand with better quality control. In software development, the right level of quality control is a great boost to productivity, which leads to business growth. Better risk management is like having better brakes on your car, it allows you to drive faster.
The more automation you have in your delivery pipeline (continuous or otherwise), the faster it is, and the better your brakes need to be.
In the end, the biggest risk to any company is that they cannot innovate quickly enough. Facing, taking and handling the right risks is essential to surviving as a company.
You are probably handling and storing data that is regulated, such as personally identifiable information or healthcare data, or financial information. Mishandling these can lead to severe legal consequences for your company and potentially for you personally.
Don’t get ‘pwnd’
You don’t want your systems taken over by hackers (‘pwned’ or ‘owned’ as they call it). The least you will get is a bad reputation, but there are documented cases of companies going out of business as a result of losing control over their core assets.
So, how do you get on top of IT risk management without distracting too much from growing your business?
Want to know more? Drop me a line, or qualify for a free 30 minute consultation through this link.
Sign up here for a series of brief messages, each of which will help you take a small but significant step. This is free and has no risk; you can always opt-out.
The first message is about a quick-win that is easy to implement, yet important and often overlooked.
If you are willing to commit to improving your startup company, here is the offer I am developing.
DIY: Your cloud risk quick scan
A self paced course, with webinar support, that will result in a good understanding of the biggest risk that your company runs in relation to its cloud and online services. Included is a good understanding of why you should address this: how will your company and clients benefit?
- Top 5 reasons to do proper IT risk management
- Treacherous 12: the risks as seen by the Cloud Security Alliance
- 5 security tips you should be implementing today
- How to get started on demonstrating your proper risk management
Also includes conference calls and an online group for interacting with your peers.
Go here for more details and sign up. Sorry, this program is currently in closed beta; mail me to be invited.
VIP: Cloud risk scan
The in-person full day version of the risk scan. We will take a full day to run through this, dedicated to your company, and guide you through to the result. This could be on-site, or by a webinar. If you do some preparation, this will be like a mini-audit of your company’s IT risk management.
The full works: Cloud security to the next level
In a small group of people, 1 or 2 by company, we will go through a 4 month extensive program to bring your IT security to the next level. You will be working with software intensive small companies. In this program you will get clarity on
- your service and its risk profile
- your cloud risk mitigation activities
- preparation for certifications such as ISO 27000 and CSA STAR
- and much more
The program will systematically move you through the steps that need to be done, as painless as possible. It will have meetings, conference calls, personal time by me, and a boatload of background material (hint: look at my other training material), templates, and other important material. Weekly progress checks.
At the end of this program your company will have:
- more happy customers, as they will be less worried about their security
- faster growth as you unleash your potential and are more tuned in to your customer needs
- more productive conversations with its investors, who are now more convinced of the long term viability of your business model
- more protection from legal issues
- a smaller chance of seriously getting hacked.
Peter is incredibly knowledgeable and takes the time to answer questions and actually work with his students. The course is also an amazing way to learn how AWS actually works and, by the end of the labs, you feel ready to manage your own cloud! The materials are easy to understand and yet technical enough to get real-life security implemented. This was a great course and far beyond most of the accreditation courses I have completed.
I attended Peter's CCSK-training and found it very useful, because 1) the sessions gave me more insight on several other aspects of cloud computing than only security, 2) it "inspired" (/forced) me to study the CSA guide/ENISA more thorughly and not least 3) I manage to pass the exam 🙂
I had very little to no experience wit the CLOUD, so this training was incredibly valuable to me. My new professional responsibilities are becoming more and more cloud centric. I have a greatly improved level of confidence because I know I have a solid educational foundation that the training and exam preparation has provided for me. I cannot recommend it highly enough!