Your business is growing and you are considering expanding your offering to new verticals. The next phase, if you haven’t done it already, is to add payments and ‘quilty-of-life’ tools to help your teams. A good start tech stack for a business which is growing and adding new products is in the diagram. This is the time to also rigorously review your whole tech stack and start taking things out. Carve out 2 weeks every quarter to spend on the tech stack to stay on top of it in terms of cost, usefulness and to ensure you are using tools fit for purpose. Your business has evolved and what worked during the first 6 months might not work now.
So you have launched. You figured out how to make money and you are ready to grow. A good tech stack for growth businesses is depicted in the diagram. Gowing the business usually requires more people. So your tech stack will need to expand to include user management tools. My guidance here is to make sure you figured out what’s available from Gsuite or Office 365 before adding new complexity. By the way, you should only use either Gsuite or Office 365. Never both. Remember to always avoid complexity. If you like us and many other businesses, you will have Macs and Windows. You should also understand Gsuite or Office 365 offering for user kit management before adding new tools. As a growing business, you will consider adding new customer channels. We added fairly quickly telephony and webchat and also integrations to other (non-core) services. You don’t want to build any of this unless it’s your USP which is very unlikely. Finally, remember to constantly review your technology stack to continuously remove legacy.
On one hand cryptoassets are losing value but there are still fat margins to be made by providing trading infrastructure (eg exchanges) for people looking for a bit of fun.
The author of this article is taking a longer term view about crypto: Will people in 2030 buy goods, get mortgages or hold their pension pots in bitcoin, ethereum or ripple rather than central bank issued currencies? I doubt it. Existing private cryptocurrencies do not seriously threaten traditional monies because they are afflicted by multiple internal contradictions. They are hard to scale, are expensive to store, cumbersome to maintain, tricky for holders to liquidate, almost worthless in theory, and boxed in by their anonymity. And if newer cryptocurrencies ever emerge to solve these problems, that’s additional downside news for the value of existing ones.
Most IS best-practices advocate a separation of concerns between management and direction. The IS team are responsible for managing and auditing compliance with IS policy. The Risk Committee are responsible for providing direction to the management of information risk within the business. While the Head of Information Security, heads and owns all IS related policies/tasks reporting into the CTO. The CTO is ultimately responsible for the information security.
Could-native means that brain patterns needed to be rewired. The same thing is true when you moved from from desktop to client and server apps and now to mobile and cloud services. You simply do everything in a different way. This different way happens to be designed from the start with a whole different approach to security and isolation. This native view extends not just to how features are exposed but to how products are built of course. Developers don’t assume access to random files or OS hooks simply because those don’t exist. Everyone has moved up the stack and as a result the surface area dramatically reduced and complexity removed. It is also a reality that the cloud companies are going to be security first in terms of everything they do and in their ability to hire and maintain the most sophisticated cyber security groups. The point is to be able to leverage cloud-native to your advantage.
Banks especially large banks ask a lot of question during their duedil process but there is a common theme. Complete awareness of security requirements and data protection laws needs to feed to design. Adding security at a later stage is hard. Being able to conceptualise and raise above the detail before testing with detail use cases help create useful two step process never forgetting best practices from large cloud provides.