Tips for Co-creating Security Services with Startups
In recent years, open innovation has been emphasized. Co-creation with startups can contribute to solving problems for the company, its customers, and society, and ultimately strengthen the company competitiveness. However, many companies are unsure how to co-create with startups. This article explains the key points of strategy planning, startup research and selection based on the case at NTT DATA.
Why Focus on Startups?
A startup is a new company that develops unique products and services and aims for rapid growth (* 1). If we focus on startups in the field of cybersecurity, the U.S. and Israel are the most common locations and destinations of global investment (* 2). The amount of investment in cybersecurity startups was US$8.2 billion in 2023, which is weak compared to US$16.3 billion in 2022 (* 3). However, in recent years, the threat of cyber-attacks by generative AI technology has become more sophisticated, and the market for security measures against attacks by AI and security measures using AI is expected to grow.
While startups respond to social issues with a sense of speed through advanced technologies and services, they face challenges in improving their management and sales capabilities (* 4). Therefore, NTT DATA places importance on collaboration with startups that are doing business in the security field and continues to incorporate their advanced security technologies and services into NTT DATA's global security managed services. This will enable NTT DATA not only to strengthen its internal security governance, but also to provide comprehensive security services that proactively resolve customer and social issues around the world.
Overview from Startup Discovery to Business Development
An example of the flow from startup discovery to business development is shown in Figure 1. In Phase 1, strategy planning and startup research are conducted. In Phase 2, startups are selected by evaluating their technologies and business suitability through a PoC (* 5).
In Phase 3, the business is launched, and when its achievements are built up, they will move to Phase 4, where the business is further expanded and developed globally.
This article introduces the key points for co-creating with startups, focusing on Phases 1 and 2.
- (* 5) In a PoC (Proof of Concept), new ideas and technologies are verified, and the feasibility of services and business is demonstrated in the minimum configuration environment.
Key Points of Strategy Planning and Startup Research
Strategy Planning and Determining the Scope of Research
There are two approaches to creating innovation with startups: consulting-based and technology-based. The consulting-based approach is a method of analyzing the problems that companies and customers face and selecting startups that possess technologies that can solve those problems. On the other hand, the technology-based approach is a method of anticipating the technological areas and services that are expected to expand in the market in the next few years and co-creating with startups that possess technologies and business models that are unique in those areas. This method can provide unique value to companies and customers that competitors do not have. The key is to choose between these two approaches based on your company's business strategy.
NTT DATA announced its Global Cybersecurity Service Portfolio (Figure 2) in December 2023(* 6), which provides a comprehensive range of services from security consulting to incident response. For each of these 15 service categories, NTT DATA conducts capability analysis and investigates security market trends using its own information network. NTT DATA uses the above two approaches to determine which security technology areas to focus on and which technology areas to partner with startups.
Collecting Startup Information
It is often difficult for you to collect information on startups through search engines because they are often immature in providing information through the web. A good place to start is a database of startups such as Crunchbase(*7).
NTT DATA conducts on-site investigations of startups possessing advanced security technologies in cooperation with our base in Silicon Valley and NTT Innovation Laboratory Israel in Tel Aviv. NTT DATA also collaborates with our group companies in each country to collect information on startup trends in each country and examples of successful co-creation with startups. In addition, NTT DATA carries out research of potential partners from a wide range of sources, including venture capitals, accelerators, analysts, vendors, and security conferences and databases.
Tips for Startup Selection
Selection of Startups
Once you have searched for information on startups, it is time to organize the information. One way is to create a long list and a short list.
A long list is a list of companies after screening startups based on certain criteria. The screening criteria depend on your organization's business strategy, but you can set them based on the startups’ service offerings, financial affairs, company size, geopolitical risks, and economic security risks.
A short list is a selected list of companies that have been narrowed down from the analysis of startups on the long list, considering a wide range of perspectives. When creating the short list, you make a comprehensive judgement of the startups based on their vision and services, customer stories, third-party evaluations, factors that differentiate the company from competitors, market and product maturity, and compatibility with your company's business (Figure 3).
NTT DATA selects the next generation of partner companies on a global level by connecting the startups with a number of our security specialists in each country.
PoC Implementation
Once a candidate startup is selected, it is common to conduct a PoC with the startup.
When conducting the PoC, it is best to clarify the purpose of the PoC and set specific and measurable criteria in advance. The criteria should include technology, services, and compatibility with your company's business. It is also important to set the goal for the PoC and criteria to determine whether to proceed with your business launch. When quantitatively evaluating the company, the evaluation sheet provided by ITIL(* 8) will be helpful.
If these criteria are not defined, the implementation of the PoC itself will become a goal and will result in "PoC poverty" that does not lead to business co-creation. In addition, you should share the outline of the purpose, goals, and criteria of the PoC with the startup, so that your company and the startup share the same understanding of the PoC. Building a good relationship with startups will lead you to receive more appropriate support and advice from startups.
NTT DATA proactively conducts PoCs involving not only startups but also customers. Feedback from customers is essential for evaluating a startup's technology, services, and compatibility with its own business, and it is an important factor in determining future co-creation.
Actions after PoC
After the PoC, you should share the achievement status of the established criteria and the summary of the evaluation results with the startup. Even if the results do not meet the criteria, it may add plans for feature improvement to the development roadmap or suggest alternative solutions based on your feedback. If the evaluation results are favorable, you will make a plan for business launch with the startup.
Summary
In this article, we have explained the key points of strategic planning, startup research and selection for co-creation. In general, speed is important when working with startups. They are also the ones who choose companies to work with and will prioritize companies which they can see business opportunities. It is crucial to incorporate decision makers of your company into the co-creation structure as soon as possible.
Based on the points described in this article, NTT DATA focuses on co-creating advanced security services with startups. For more information on NTT DATA’s security services, please contact NTT DATA.
Yusuke Miura
NTT DATA Group Corporation
Yusuke is engaged in developing new cybersecurity services in collaboration with startups. He has connected NTT DATA with promising startups that will become next-generation partners for global business. Additionally, he concentrates on developing software supply chain security services like SBOM.