Security and Marketecture

The marketing implications of choosing appropriate levels of security are far-reaching. Companies get hacked and, along with their customers, suffer real losses. In fact, in certain domains security can be a significant perceived competitive advantage (just ask Sun's marketing department to tell you about the security of Windows).

Areas of Interaction

Here are some of the areas in which security most directly interacts with marketecture.

Authentication, Business Models, and Operations

Two key areas in which strong two-factor authentication can have a significant impact are your business model and your operations model. Business models based on named users should consider strong authentication; when users share user IDs or passwords you lose money. xSP operations personnel, such as an xSP system or network administrator, often have tremendous access to sensitive data. To ensure that you're creating an environment your customers can trust, make certain they know that all activities on their systems are protected through strong, two- or three-factor authentication.

Regulatory Impact

Applications in many domains are either regulated by specific standards or required to adhere to them (such as the U.S. Federal Information Processing Standards, or FIPS, for many kinds of applications). Clearly, you have to know the standards. Of course, you can exceed a standard's minimum legal requirements, which means that you may be subject to technology export regulations.

Industry Growth

One of the major reasons for the success of the Internet is its open standards, such as TCP/IP, HTTP, and SMTP. Over the next several years the security industry is going to see a proliferation of standards. By proactively adhering to key standards, some related to the Internet, some not, you're going to give your solution a better chance at being adopted by customers, primarily enterprises , who are beginning to demand standards-based security approaches. Note that many security related standards are already available, such as X.509.


While compliance with regulatory requirements may be required, it may not give your application a true competitive advantage, as your competitors are also subject to these requirements. Beyond compliance, which can be thought of as the minimum necessary to be seen as competent, lies trust: the confidence your customers have in your character and integrity and in the ongoing quality of the relationship you've established with them.

You've got a competitive advantage when your customers can entrust their data to you, secure in the knowledge that you won't allow inappropriate access or disclosure. You've got a competitive advantage when system administrators can establish and provision user rights in such a way that sensitive corporate information is made available only to those individuals who should have such access. You've got a competitive advantage when your application seamlessly and usably integrates with digital certificate infrastructures in such a way that users can rely on them without becoming mired in incomprehensible technical jargon.

All of these, and more, are elements of trust, which is an elusive but extraordinarily powerful element of your corporate brand. When you've got your customer's trust, you have a powerful competitive edge. Approaching security with care and building a strong, secure solution, only enhances that trust.

Dispute Resolution

Disputes are common in business, and software systems are often involved in or even cause them. Security techniques such as integrity and accountability help ensure that disputes are resolved in a timely manner. Examining your business model, licensing model, and technology in-license agreements can provide you with additional ideas on how security techniques can help in dispute resolution. For example, providing digest functions on log file entries can prevent fighting among technical support teams ("No, it's your bug, and we can prove ithere's our log file!"). Ask your legal team for help in identifying areas in which security technologies can avoid problems.

When You Have to Prove Your Point

I teach a variety of seminars and classes, and it is always interesting to hear how various parts of a winning solution affect a company. In one class, a student worked for a company that created automated drug dispensing units. She related a story about how the company was involved in a lawsuit that they eventually won.

The lawsuit was initiated by the family of a man who was killed because of a drug overdose. The family sued the doctor, who in turn sued the company that made the drug dispensing unit. The key issue in the case was who was at fault: The doctor, who claimed he input the right dosage level but that a faulty unit dispensed too much, or the company, who claimed that its unit performed flawlessly and that the doctor input a lethal dose.

The verdict was decided in favor of the company. The proof lay in a close examination of the secured, auditable log files generated by the unit. In constructing the unit the company had foreseen this circumstance, and had consulted with their legal team to make certain they were building a legally defensible log file.


Beyond Software Architecture[c] Creating and Sustaining Winning Solutions
Beyond Software Architecture[c] Creating and Sustaining Winning Solutions
ISBN: 201775948
Year: 2005
Pages: 202 © 2008-2017.
If you may any questions please contact us: