Dec 19, 2016
Application security is vital for minimising the risk of attacks crippling your organisation, but there's a hidden benefit of exceptional application security that often gets less attention.
That's the ability to differentiate your organisation from its competitors.
There's a large number of ways that application security can be used to differentiate you from your competitors, and in today's post I share a few examples.
Leveraging a Security Failure of a Competitor
One great way to use your organisation's application security as a differentiator is when a competitor has just had a major breach. It doesn't matter how severe the breach is, whether it's one of the major security failings we've covered previously, or a more minor breach that failed to have an impact.
Competitor security failings build up FUD (fear, uncertainty, doubt) in your prospects, and these incidents represent an excellent opportunity for you to be producing lots of marketing material promoting your security practices, and great security record.
Discussing Security Benefits
How often is your data backed up? What makes your data centre more secure than your biggest competitor? Do you have information security policies? What are they?
A security section on your website discussing all the benefits potential customers will realise from your security practices is another way to differentiate your organisation from competing brands.
This can be particularly effective if you're competing with underfunded, smaller competitors that struggle to afford more complex security solutions. Security is becoming increasingly important to customers.
Using Third Party Endorsements
The more quality third party endorsements you can publish, the more likely a prospect is to trust that your organisation is one that values security. There's lots you can do to promote these ties, like posting to your blog when you pass certain requirements.
There's also a number of third parties that run endorsement programs, like McAfee SECURE. McAfee run automated tests on your website to check it's security, and so long as your website is deemed secure, you can display the McAfee secure logo on your website.
Are there any big security brands you can legally use in your marketing material?
Maintaining A Transparent Security Blog
Our final tip for differentiating your company from its competitors is by running a transparent security blog. Somewhere you can share the security improvements you are making, and discuss the issues of security with your readers.
It also represents an opportunity to post system updates, and inform the public of hacking attempts or exploits. An example of this done well is Buffer's Open Blog. You can see they've posted on topics detailing how some parts of their software works, why they make specific engineering decisions and how Buffer reacted to the 'Heartbleed Bug' to protect its customers.
Buffer were also praised for their covering of a security breach in October 2013. You can see how they went about covering the attack in this blog post.
It is widely agreed that Buffer managed to turn a huge negative (a successful hacking attempt) into a positive, by showing how proactive they were in resolving the issues, and their transparency in detailing how it happened and what they were doing to fix it.
Application security is something which often moves a lot slower in big organisations. Organisations are scared about tripping up and triggering a PR nightmare, which often results in slow public responses to security attacks.
Could your organisation take a leaf out of Buffer's book, and be more pro-active with how it promotes its application security? It's almost certain to make you stand out from your slower competitors.
How can an organisation use application security to differentiate itself from competitors? Do you have any great examples of it being used in the market place you can share with us? Post them in the comments below!