Does a Minimal Viable Product Need Any Security Considerations? YES! (Cloud Computing)
I really like the lean startup movement. It is result and data driven, and leads quickly to products customers want. One big building block of the lean startup movement is a so-called minimal viable product. The concept of a minimal viable product means that you build a product with a minimal set of features that might not be completely finished and you show this product to your potential customers so that they can give you feedback about it. You use this feedback to improve your product and add the features customers ask for.

If you just started working on your startup and you just finished your minimal viable product please think twice: Did you add security to all the parts of your minimal viable product that work with sensitive customer data?

I consider security a critical component of a minimal viable product that handles sensitive customer data because if you do not have security in mind while building your minimal viable product it might happen that your customers will sue you before you get of the ground. For instance, if you are storing loginnames or passwords of other cloud services or bank account information and this data is lost because you got hacked your customers will turn on you and make sure there is no version one of your product.

I am not saying that you need a multi-layered, very complex security concept already implemented in your minimal viable product. However, I am saying provide basic security measures for the sensitive data of your customers. These first steps already made during the work of the minimal viable product will help you adding more relevant security features while your product grows. And the basic security measures let you manage the security risks you are facing during the early versions of your product.

I am not telling you this story out of the blue. At a startup a friend of mine works it happened that they got hacked a couple of weeks ago. However, because they had added a certain layer of security to their minimal viable product the hacker could not retrieve any sensitive data of customers. So, be aware and think twice of security!

This text represents my personal opinion and has nothing to do with any company I associated with.
Posted by Thomas King at 22:38 2013-07-25 | Trackbacks (0) | Comments (0)