I’ve been working with B2B software companies for 7 years, helping them win more business by scoring high on their application’s security.
When B2B software companies sell to their clients, they almost always encounter questions on the security of the application: sometimes these are raised as objections in sales discussions, but more frequently they are asked in a security questionnaire. The larger the prospect, the longer the questionnaire. The buyers’ want to ensure the application meets or exceeds baseline security checks. These baseline security checks are sometimes defined in the buyer’s internal application security standard.
And this is true for our clients across vertical solutions for financial services, healthcare, insurance etc. and across horizontal solutions like employee productivity, human resource management, sales & marketing management etc.
Some of the basic questions our clients encounter are:
- What are the security features of your application?
- Does your application do input validation checks on every field?
- Are sensitive data protected in transmission?
- Does the session expire automatically after a period of inactivity?
- Have you had a third party security assessment of your application?
Size Matters: Larger clients have longer lists
As the size of their client increases, so does the due diligence. A third party application penetration test is an important requirement for most large companies globally. Boards, managements and security executives have to take the very best care of their customers’ data, their trade secrets, their brands, their reputation. That requires verifying the security of all applications with critical data. Whether the application is developed in-house, developed offshore, hosted internally or completely outsourced, they need to be tested thoroughly. Third-party reviews mandated by large clients is the top driver for our clients in the US, Europe and Asia.
Certification: A tangible marketing tool
A penetration test report gives a snapshot in time of the application’s security posture. To make this posture future proof (version proof), enroll the application in a continuous testing and certification program. Plynt has been certifying applications since Feb 2006. The Plynt Certification criteria specifies the minimum security requirements for an application. The certificate enables application owners to show how the application stacked up against a standard set of checks. A Certificate thus delivers real value in a very tangible form.