Ask The Board: Marketing Security Practices And Processes

Q | From your marketing perspective, how can security practices and processes be leveraged as a differentiator?

The majority of software companies will most likely have a technology stack that provides varying levels of security. In addition, these companies may have some level of processes and documentation regarding their security. Having said that, today’s consumers (this includes businesses as consumers) are increasingly concerned about security — and are now asking for proof that the company they are working with is doing everything it can to protect their information.

It was not that long ago that SaaS companies could provide a self-reported statement outlining their policies and procedures; however, more sophisticated customers are requiring third-party verification. The most common is to leverage a firm that can perform a Service Organization Controls (SOC) 2 audit (or ISO 27001, if international) and provide a report that the company is doing what it says it is doing to protect data. In the case of the SOC 2, which was a standard developed by the American Institute of Certified Public Accountants (AICPA), it defines criteria for managing customer data based on five “trust service principles:”

1. Security
2. Availability
3. Processing integrity
4. Confidentiality
5. Privacy

So, to grow or expand markets it is becoming a requirement for SaaS companies to acquire these certifications. From a marketing perspective, SaaS companies that have acquired this certification can use the FUD (fear, uncertainty, and doubt) against their competitors that are self-reporting. Finally, to acquire funding, whether through private equity or public markets, these designations are perceived as a display of operational maturity, which provides some level of confidence to potential investors.

In the end, third-party validation of your security is truly a requirement for selling to larger customers, selling internationally, obtaining funding, and differentiating your software from competitors that “self-report” their security procedures.

MARK SOKOL is the VP of marketing at Liongard, a software company that automates the management and protection of modern IT environments at scale for MSPs and enterprise IT operations. He is an experienced software and SaaS product/marketing leader who has driven revenue growth at several technology companies, including Sage, TriNet, and ConnectWise. He is known as a creative, pragmatic leader who can find great talent and then develop them into high-performing teams that drive revenue and build a brand.

We’re hiring! The pay isn’t great — in fact, it’s zero — but the rewards are. The leading software executives and thought leaders on our editorial advisory board have a vested interest in contributing their expertise and opinions to shaping Software Executive Magazine.

Are you a progressive B2B software business leader who’s interested in contributing to the effort? Drop Chief Editor Abby Sorensen a note at Abby.Sorensen@SoftwareExecutiveMag.com.