The ease of technology today means most startups can begin with something small that may only take months or even days to develop. As the product grows, as traffic increases, and as the product’s visibility rises in the marketplace, there is also a greater risk of threat. Here are a few simple things you can do to ensure your infrastructure is more secure.
Get a code audit
Show your code to another developer and ask for their feedback about access to the database and the controls you have in place. If your developer is experienced, they would have followed best practices, and you should find that you are where you need to be, or that you are at least prepared to move to the next step. An external review by someone not already involved is key in identifying whether best practices have been followed and ensuring that you are aware of the weaknesses.
Secure your server access
Securing access to your server is another key consideration. This starts with simple measures, such as using private keys rather than password access, and extends to more involved ones, such as ensuring firewalls are in place to prevent access from unknown IP addresses. The firewall may also count connections from a single IP, identifying unusual traffic and blocking it, or it may be set to allow only certain kinds of users, stopping any activity that would not be considered the norm.
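The two firewall behaviours described above, sketched as an added example that is not code from the original article: an allowlist for the admin port and a per-IP connection count on the public port. The address ranges, ports, thresholds and sample connections are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Assumed policy values for this example; tune them to your own traffic.
ADMIN_PORT = 22                                   # SSH, reachable from known addresses only
ADMIN_ALLOWLIST = [ip_network("203.0.113.0/24")]  # hypothetical office/VPN range
WINDOW_SECONDS = 60                               # sliding window for counting
MAX_PER_WINDOW = 5                                # new connections allowed per IP per window

DENY_ADMIN = "deny: admin port from unknown address"
BLOCK_RATE = "block: connection rate exceeded"

# Constructed sample input: (unix timestamp, source IP, destination port).
SAMPLE_CONNECTIONS = (
    [(1000, "203.0.113.10", 22),                  # known address on SSH
     (1002, "198.51.100.7", 22)]                  # unknown address on SSH
    + [(1010 + i, "192.0.2.50", 443) for i in range(7)]       # burst: 7 in 7 seconds
    + [(1000 + 30 * i, "192.0.2.80", 443) for i in range(6)]  # steady: one every 30 s
)

def on_allowlist(ip):
    """True if the source address falls inside a known admin network."""
    addr = ip_address(ip)
    return any(addr in net for net in ADMIN_ALLOWLIST)

def evaluate(connections, window=WINDOW_SECONDS, limit=MAX_PER_WINDOW):
    """Return {ip: reason} for every source the policy would deny or block."""
    recent = defaultdict(deque)  # ip -> timestamps of recent public-port connections
    findings = {}
    for ts, ip, port in sorted(connections):
        if port == ADMIN_PORT:
            if not on_allowlist(ip):
                findings[ip] = DENY_ADMIN
            continue
        if findings.get(ip) == BLOCK_RATE:
            continue  # already blocked, no need to keep counting
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:  # drop timestamps that left the window
            q.popleft()
        if len(q) > limit:
            findings[ip] = BLOCK_RATE
    return findings

if __name__ == "__main__":
    for ip, reason in evaluate(SAMPLE_CONNECTIONS).items():
        print(ip, reason)
```

The steady client makes six connections in total but never more than two inside any 60-second window, so only the burst is blocked; that difference is why the count has to be windowed rather than cumulative.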
Server security also involves daily and weekly tasks such as applying updates to the server and following a process for monitoring it, along with an understanding of what is required to ensure you can react quickly if something does happen.
Secure your infrastructure
The security of your infrastructure is also key. It is essential to use a Virtual Private Network that both allows you to deploy to a hosting provider and ensures there is only access to your application on the Web. You also want to ensure secure access for your technical team and dedicated access for developers.
Ensure you have a CDN in place
A CDN is a Content Delivery Network. By definition, this is a “geographically distributed network of proxy servers and their data centers.” The function of a CDN is to increase and speed up delivery of content and to deal with higher traffic volumes. Clearly, this is key as you grow your product.
Know the law
As of May, the General Data Protection Regulation (GDPR), which was adopted by the European Parliament in 2016, becomes enforceable. The law contains specific regulations regarding the protection of consumer data and lays out responsibility and accountability, details of consent, the role of a data protection officer, data breaches, the rights of the consumer, and penalties. Given that this law will apply to everyone, it is important that you read it and ensure you are prepared for the May deadline for compliance.
We have a few blog posts that you might find useful in making sure that you are as secure as you should be. Check out ‘What makes startup servers crash and how to prevent it’ and ‘Can your startup resist an ABC TV cover story?’.
You can also sign up for a quick mentoring session if you are not sure where to begin.