Privacy is not an afterthought with the “privacy by design” mindset, and FinTech startups may take a similar approach with data security. In that sense, they may incorporate data security every time they make an enhancement or a release. “It’s really built in by design,” DadeSystems CIO Mike Capote told PYMNTS.com in an interview.
When FinTech startups take a "security by design” approach, they take security into consideration when making updates, and seek to ensure that they are not sacrificing security when they make software implementations. That is important because, in the ever-evolving cyber threat landscape, new challenges arrive daily.
“It seems like every day, there’s a new exploit,” said Capote, who recently joined the firm as CIO after the company hired his former firm ProPrivatus to help with IT security and compliance. But there is an opportunity for FinTech startups when it comes to adapting to the changing cyber threat landscape, as they don’t have 20 years’ worth of code that they need to retrofit. Instead, startups are able to meet this challenge as they go, without having to address them with technology that is two decades old.
While development and response times tend to be long with the waterfall approach to releasing new or updating existing software, some FinTech startups are turning to agile development. In the latter case, Capote said that development is done in “quick spurts” that are also called sprints. That is, a FinTech startup may focus on only 10 items for its next release through the development process, and the team works on getting those items right before moving onto the next 10 items.
But how does a FinTech startup decide what to focus on for updates and enhancements? Those items may be developed by looking at customer requests for new functionality, as well as the company’s own product roadmap. Either way, the startups are able to make those developments into workable bites through agile development, and mature them through subsequent releases. FinTech startups also have to be mindful of a compliance-driven environment, as the space is, of course, highly regulated.