SaaS security bootcamp

The SaaS security bootcamp is a series highlighting security practices that we think all SaaS founders and startups should try including into their business and product. Creating practical security foundations will help build a culture of security awareness, impress prospective customers looking for differentiators, and make it easier to implement more advanced controls in the future.

Before we dive in, we need to fully acknowledge that all founders and their products are vastly different. This bootcamp has been re-written at least five times, each after speaking with a founder or an industry veteran. Unique business styles, different target markets, and solving their own unique problems are just a few of those differences. The information provided might not fit perfectly with what you’re building. That’s ok. Pick out what fits your product and tune the ideas with your own style.

Security is about building layers of protection to help reduce risk and minimise any damage to your success. No one piece of advice will be the security silver bullet, but collectively, they can help prevent a future data breach. Start small with the resources you have and then incrementally improve as your product, team, and customers grow.

The guidance in each chapter will try to be generic enough to apply to any startup and will include a TLDR table at the top, how it will help, what you can do to get started, and how Kinde has tried to implement its own advice. Everything talked about should also be straight forward enough for a small team to quickly take it and run, but also provide enough meat so that seasoned teams can possibly improve on their existing processes.

We may refer to specific tools and vendors, but that’s not to persuade you to use something over another. They’re just examples. Look up their competitors. Do comparisons. Use an open source alternative. Find what works for you. A lot of the vendors referenced are because we come across them when talking with our peers and customers. One specific example that will come up in the first chapter about single sign-on is the usage of Google and Microsoft mail. Just about every customer we’ve come across uses one of those two. Other vendors referenced are because we use them ourselves or they provide reliable reference material. We’re not shy about calling out who we work with because they’re helping us achieve our goals.

And speaking of tools, don’t get caught up on the latest piece of tech. The first line of defense is you and your kick ass team. Tooling will definitely help automate or clarify the work, but it’s people who run your company and design your product.

Ask for help! Security can be a black hole of advice, tools, best practices, recommendations, etc. Don’t be shy about asking for more advice. There are lots of product and startup forums out there with a vibrant community of founders who are likely working on their second or third product. Ask us directly. In our view, if something we’ve done helps a founder secure more deals, then that means there is a larger market for Kinde to attract. That sounds like a win win.