Kirsty Wark
Many companies start with the most basic setup and think they can improve it down the line. But it hardly ever happens. The choices you make in the first days of the company establish a series of habits, contracts with suppliers, holes in the security policy, etc., that multiply fast and are really hard to change or correct later.
Creating a company is not like building a flat-pack piece of furniture. It is an architectural choice. If you make the right choices at the beginning, everything else just fits in nicely. If not, be prepared to be repaying technical debt for a year.
Start With a Cloud-First Software Strategy
New businesses should automatically use SaaS and cloud-based tools, rather than on-site servers. It is not about jumping on the bandwagon; it is about not painting yourself into a corner. Cloud infrastructure will grow as you do. Physical servers place fixed costs and an ongoing maintenance burden on you before you’ve even established that you need that level of capacity.
For most businesses, this means connecting to services that provide storage, collaboration, or even your entire business logic via the internet, rather than installing and running a physical box in your office.
ERP, project management, or document storage, for example, should all be cloud-based from the get-go.
Disaster recovery is where you will notice this decision most. If your data is already living in a properly backed-up cloud environment, a failed hard drive or a leaky server room won’t result in any downtime. It’s built in, rather than added as an afterthought later on.
Connectivity is Your Most Critical Dependency
Every other thing on this list requires you to have an internet connection. Be it video, VoIP, remote cloud, or backup access – it all goes for a toss in the absence of proper connectivity. So you must shell out more than you plan to for a reliable connection.
Not just the amount of data you can push, but it is an even split between what you send out and what’s coming in – something called symmetric bandwidth. Most home connections are not. There are plenty to download a video stream, but not quite enough to upload that large video file to your cloud storage in a reasonable time.
For that, especially if you depend on cloud tools daily, consider a fiber optic line and a business internet service provider that can write that down in a contract – try to get a redundant link in case one connection goes down, how fast will they get you up and running (an SLA). It is costly to have you wait or pay the guy by the hour to wait for the ISP to show up on a regular workday. A 99.9% uptime still means you are down for more than 9 hours a year. Can your business survive that cost?
Build Security into the Network, Not on Top of It
Adding security after the infrastructure has been set up is never as effective as incorporating security into the design itself. For instance, when you’re building a business network, the architecture should have multiple layers even before you plug in a single device.
That’s a firewall that’s correctly configured at the perimeter, Wi-Fi that is encrypted and segmented so that guest access does not intermingle traffic with your systems, and multi-factor authentication that is required across the board for any account that interacts with company data. MFA by itself will block most credential attacks.
Remote work enablement is in the same bucket. If your team is in multiple locations now, or that is on the horizon for you, VPN needs to be part of your design, not a retrofit when somebody wants to work from their vacation home. A cybersecurity framework that does not build in VPN access lacks completeness.
If you are in the EU, data sovereignty probably matters to you. There are very strict rules about where customer data can reside, and those rules are different if you are based in the US. Find out before you sign up with your cloud provider.
Design the Physical Office for What You’ll Need, Not What You Have
Many offices are wired based on current headcount and use cases. One and a half years down the line, they will be working with extended cables and no Wi-Fi signals in the conference rooms.
A dead zone can be avoided by having high-density mesh Wi-Fi coverage. Energy management and access control IoT sensors are easier to implement when the space is installed initially than when it is filled with people and equipment.
For physical security – access control of sensitive areas, server locks, entry logging, etc., are also expected to be part of the layout. It is more difficult to add as an afterthought than people realize, and (unfortunately) is not viewed as important until something happens.
How to Think About Hardware
Do not purchase hardware if you don’t have a lifecycle plan. Every piece of equipment you buy has a guaranteed lifespan, maintenance expenses, and, eventually, replacement costs. Planning for any purchase will help you budget correctly and prevent yourself from being in a situation where many crucial pieces of hardware go end-of-life at the same time.
Lease agreements, as well as managed hardware services, can help even out these costs. The predictability of such an approach is usually beneficial for companies in their initial years.
The companies that grow without continuous technical interruptions are not the companies that spent the most during launch. These are the companies that early on decided on connectivity, security, and adaptability, rather than just selecting the cheapest and fastest options.
