The marketing implications of choosing appropriate levels of security are far-reaching. Companies get hacked and, along with their customers, suffer real losses. In fact, in certain domains security can be a significant perceived competitive advantage (just ask Sun's marketing department to tell you about the security of Windows).
Areas of Interaction
Here are some of the areas in which security most directly interacts with marketecture.
Authentication, Business Models, and Operations
Two key areas in which strong two-factor authentication can have a significant impact are your business model and your operations model. Business models based on named users should consider strong authentication; when users share user IDs or passwords you lose money. xSP operations personnel, such as an xSP system or network administrator, often have tremendous access to sensitive data. To ensure that you're creating an environment your customers can trust, make certain they know that all activities on their systems are protected through strong, two- or three-factor authentication.
Applications in many domains are either regulated by specific standards or required to adhere to them (such as the U.S. Federal Information Processing Standards, or FIPS, for many kinds of applications). Clearly, you have to know the standards. Of course, you can exceed a standard's minimum legal requirements, which means that you may be subject to technology export regulations.
One of the major reasons for the success of the Internet is its open standards, such as TCP/IP, HTTP, and SMTP. Over the next several years the security industry is going to see a proliferation of standards. By proactively adhering to key standards, some related to the Internet, some not, you're going to give your solution a better chance at being adopted by customers, primarily enterprises, who are beginning to demand standards-based security approaches. Note that many security-related standards are already available, such as X.509.
While compliance with regulatory requirements may be required, it may not give your application a true competitive advantage, as your competitors are also subject to these requirements. Beyond compliance, which can be thought of as the minimum necessary to be seen as competent, lies trust: the confidence your customers have in your character and integrity and in the ongoing quality of the relationship you've established with them.
You've got a competitive advantage when your customers can entrust their data to you, secure in the knowledge that you won't allow inappropriate access or disclosure. You've got a competitive advantage when system administrators can establish and provision user rights in such a way that sensitive corporate information is made available only to those individuals who should have such access. You've got a competitive advantage when your application seamlessly and usably integrates with digital certificate infrastructures in such a way that users can rely on them without becoming mired in incomprehensible technical jargon.
All of these, and more, are elements of trust, which is an elusive but extraordinarily powerful element of your corporate brand. When you've got your customer's trust, you have a powerful competitive edge. Approaching security with care and building a strong, secure solution only enhances that trust.
Disputes are common in business, and software systems are often involved in or even cause them. Security techniques such as integrity and accountability help ensure that disputes are resolved in a timely manner. Examining your business model, licensing model, and technology in-license agreements can provide you with additional ideas on how security techniques can help in dispute resolution. For example, providing digest functions on log file entries can prevent fighting among technical support teams ("No, it's your bug, and we can prove it: here's our log file!"). Ask your legal team for help in identifying areas in which security technologies can avoid problems.
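
One way to put digests on log file entries, as an added example rather than code from the original text: each entry carries an HMAC-SHA256 over its message and the previous entry's digest, so an edited or removed line fails verification. The keyed, chained construction, the function names, the key and the log lines are assumptions made for this illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: secret held by the party writing the log
GENESIS = "0" * 64             # chain anchor used before the first entry
SAMPLE_LINES = [               # constructed log lines
    "2024-01-05T10:00:01Z order=1001 received from partner gateway",
    "2024-01-05T10:00:02Z order=1001 validation failed: missing currency",
    "2024-01-05T10:00:03Z order=1001 rejected, response 422 sent",
]


def entry_digest(key: bytes, prev_digest: str, message: str) -> str:
    """Keyed digest covering this message and the previous entry's digest."""
    data = prev_digest.encode("ascii") + b"\n" + message.encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def append_entry(log: list, key: bytes, message: str) -> None:
    """Append (message, digest); each digest depends on every earlier entry."""
    prev = log[-1][1] if log else GENESIS
    log.append((message, entry_digest(key, prev, message)))


def first_bad_entry(log: list, key: bytes):
    """Return the index of the first entry that fails verification, or None."""
    prev = GENESIS
    for i, (message, digest) in enumerate(log):
        if not hmac.compare_digest(entry_digest(key, prev, message), digest):
            return i
        prev = digest
    return None


def build_sample_log(key: bytes) -> list:
    """Build a chained log from the constructed sample lines."""
    log = []
    for line in SAMPLE_LINES:
        append_entry(log, key, line)
    return log


if __name__ == "__main__":
    log = build_sample_log(KEY)
    print("intact log, first bad entry:", first_bad_entry(log, KEY))
    log[1] = (log[1][0].replace("failed", "passed"), log[1][1])  # simulate an edit
    print("edited log, first bad entry:", first_bad_entry(log, KEY))
```

The chain does not reveal that entries were cut from the end of the file, so the latest digest also needs to be recorded somewhere the other party can check.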