editione1.0.0
Updated October 9, 2023When you started selling to customers close by, it was likely fairly simple, operationally. You understood the operating environment, the people, the laws, and the culture.
If you are a company that has expanded outside of your immediate local area, this certainty in your context will fade. The further you get from home, the harder this gets, and some of the risks introduced are far from your normal world.
This can introduce the following security challenges:
Change in risk profile. If you happened to grow up in a nice neighborhood where the worst in local crime was the theft of your neighbor’s beloved garden ornament, then you may not have a lot of experience when it comes to understanding the difference in security culture and crime in other parts of the world. It is really difficult to understand what you have never experienced.
Everywhere is different when it comes to security risk. Some places have more physical crime and theft, others more electronic. Some markets have operating cultures like bribery embedded in day-to-day life, others have very strict and tightly enforced anti-corruption laws. Your risk comes not only from the systems you build and the processes your company uses to operate, but also the environments in which you and your customers operate. This changes not only their behavior but also their expectations. Do your research, work with product teams, and generate personas for your new customers and markets to understand not only how their needs differ from your existing customers, but also how their behavior and environment will affect their security.
exampleIf you are a product company building a mobile application that is secured with biometric authentication (in simple terms, your app lets people log in using facial recognition or a fingerprint), that will work really well in markets that have high adoption rates of new technologies and high-end mobile devices.
However, if you roll out your application in other countries, particularly those developing at a different rate than yours, you may find that users there have less sophisticated devices and can’t use biometrics like facial recognition or fingerprints.
New laws, regulations, and restrictions. Just like selling into a new region often requires careful planning to ensure you meet any new tax or operational requirements, each new region also brings new laws, regulations, and restrictions. This is particularly relevant to law around personally identifiable information and data storage/retention. Spend the time before launching into a new region and get some local expertise. Find out what you need to do to stay compliant and safe whilst balancing your own security requirements and those of your existing customers. Taking a little more time upfront can reduce a lot of stress later.
International interference. At the far end of where growth meets security, we start to get into some very big and very complex sets of security challenges—those that involve national security, critical systems, and international interference. It’s beyond the scope of this book to dive into these subjects as they require a good understanding of not only the technical and security aspects of the risk but also the motivations that lead to them and the intricacies of our global, political environment.
In short, this is a big space and if you are getting towards this end of security, it’s time to get some specialist help. In the meantime, be conscientious with your business model, pay close attention to the news and economic/political climate in all the markets that you operate in, and adapt as risks emerge.
important Whatever changes you need to bring to your organization to scale and succeed, you will make them. It’s in your nature to adapt and adjust, to learn quickly, and to make sure you are optimizing for growth. Just remember that each change you make and choice you make can change the security risk of your company and introduce more challenges for you to solve. Be conscious and consider the security impact of every change you make and you will be well prepared to address them quickly.