August 17, 2017
Case Study: Making Security a Core Strategic Initiative
How one growth-stage edtech company prioritized security to make its products safer and its business more competitive.
When he was first approached to have a talk about security, Mike Silagadze was cautious. As the CEO of Top Hat, a company that sells classroom engagement software and electronic textbooks to colleges and universities, he recognized the need to invest in the security of his solution. However, like the CEO of every growth-stage company, Silagadze was caught up in the difficult balancing act of managing limited resources against many competing priorities. As a result, although Top Hat had prioritized security from a compliance perspective, it hadn’t yet been incorporated into the company’s core strategy.
Enter the Georgian R&D team.
Along with key members of his own technical staff, Silagadze met with Yevgeniy Vahlis, Georgian’s Director of Security First, who provided a detailed overview of the risks that today’s businesses face. He explained how companies no longer need to be specifically targeted to be hacked. Instead, these days hackers automate much of their work, sending out phishing emails, for example, to exploit vulnerabilities at unsuspecting organizations. That keeps the incremental costs of attacking companies low, meaning that hackers can afford to cast a much wider net.
Vahlis outlined some of the worst-case scenarios that could play out including having systems locked down with ransomware or having a sales cycle disrupted by the launch of a denial of service attack.
What followed was a discussion about using security and privacy to create competitive differentiation, looking at examples such as Snapchat, which built its entire business around a privacy value prop.
By the end of the conversation, Silagadze had asked the Georgian R&D team to conduct a comprehensive security review of Top Hat’s architecture and products.
“It was a turning point for how they approach security,” explains Vahlis. “The team already knew that security was important, but like many teams we talk to, there perhaps wasn’t a full appreciation of just how vulnerable most businesses actually are.”
A Meeting of the Security Minds
Soon after their initial meeting, a series of interviews ensued. The Georgian R&D team worked closely with George Eichholzer in particular, Top Hat’s VP of Engineering, to learn more about the company’s security. For Eichholzer, it was a great opportunity. “Security has always been on our radar, but it needed more resources devoted to it,” he recalls. “By having Yevgeniy and the team help us, it elevated the discussion and paved the way for us to start making some important changes.”
Over the course of the next several weeks, the Georgian R&D and Top Hat teams met regularly. They talked through a number of security issues that Top Hat was already aware of, as well as several that they were not.
Shortly thereafter, the Georgian R&D team prepared a 13-page report that consolidated their findings. The report contained a prioritized list of the security threats Top Hat was facing, along with the likelihood of each of those threats being exploited and their potential impact on the business. It then went on to outline a mitigation strategy that detailed the architectural, process and cultural changes needed, while also proposing a timeline for implementation.
Embracing a Secure Future
Today, security is a strategic focus at Top Hat. With Georgian’s support, the company is working its way through the recommendations outlined in the report. It’s also hiring for new engineering roles that will create additional capacity on the team for dealing with security-related issues. Perhaps most important of all, Silagadze and his team now see opportunities to use security as a differentiator for the business.
“We’re very thankful that the Georgian R&D team not only helped us identify, prioritize, and create a roadmap for solving a number of security issues, but that they’ve also helped us pinpoint a new way that we create value for our customers,” says Silagadze. “That’s going to help set ourselves apart from our competitors.”
For Top Hat, and its customers, it’s been a win-win.
“We’re very thankful that the Georgian R&D team not only helped us identify, prioritize, and create a roadmap for solving a number of security issues, but that they’ve also helped us pinpoint a new way that we create value for our customers. That’s going to help set ourselves apart from our competitors.”
CEO & Co-founder of Top Hat
in your inbox
Join our community of thousands of tech entrepreneurs to get actionable insights from our monthly newsletter.