Application security
Security as a Differentiator: How to Market the Secure Customer Experience
Key takeaways:
- Customers expect companies to effectively protect their sensitive data, so showing that your company is trustworthy and secure adds value to your product or service
- Get your entire company thinking about security as a marketing tool and revenue driver by initiating conversations with your board and executive leaders so they can evangelize the message from the top down
- Share your security responsibilities with developers to help them integrate secure code from the get-go
Leverage your organization’s integrated software development lifecycle security as a go-to-market differentiator and reach maturity in your cyber mission and culture.
Leveraging software development lifecycle security as a go-to-market differentiator is imperative in setting companies apart from competitors. As Coalfire’s Cloud Advisory Board and my colleague Gail Coury eloquently pointed out in our recent Securealities Report, Smartest Path to DevSecOps Transformation, expectations for customer assurance are too high for corporations to treat security as a trade secret anymore.
Today, everyone is cybercrime aware. If they’re not demanding it already, just about every B2B and B2C customer will soon expect up-front assurance from their providers that security is 100% present and accounted for. This also goes for vendors, suppliers, partners, regulators, courts, utilities, governments, countries – everyone.
“Boards and C-suites are more attuned to enterprise security risk than ever before. So are vendors, suppliers, and customers. It’s about time. We’ve been talking about using “security as a marketing tool” for years, but the time for talk is officially over.”
– Gail Coury, Coalfire Cloud Advisory Board, CISO and Senior Vice President, F5
Key takeaways about security in the competitive market
The goal is to instill in constituents that security is at the core of every relationship and is baked into your company’s DNA.
- Incorporate security and trust into messaging alongside features and specifications.
- Understand that competitive differentiation is a team sport that requires knowing how to talk about being secure internally and externally.
- Ensure customers know that both you and your supply chain are secure – and be able to back that up with certifications and proof points.
This part of the value discussion has evolved over time, where security and the currency of trust can be looked upon as marketable business factors with measurable returns on investment. As the interface between customer and company becomes more digitized, customers want to rely on the company’s entire digital landscape to keep their identity and data protected, assure business continuity, and prove that the user interface is a security comfort zone where buyer and seller can streamline their work together with minimal frustration.
Ways to tell your story
The most effective go-to-market tactics, starting from the top:
- In-person discussions/workshops as part of the purchase process
- Publication of compliance reports and penetration testing results
- Maturity score/benchmark against frameworks, industry peers, etc.
- Customer-facing collateral providing detailed technical/security blueprints
- Security rating by third party, e.g., BitSight, Security Scorecard, etc.
Pathways to competitive differentiation
Look in the mirror
Security pros have been viewed by coworkers as dogmatic rule enforcers for far too long, mainly because security leaders traditionally have not been as closely aligned to the business as other leadership roles. It’s time to evolve away from this image and contribute a business perspective if leaders want the organization’s cyber effectiveness to mature and keep up.
Safe supply chains, safe vendors
Sharing your company’s security persona and posture with influential colleagues in your supply chain is critical to marketing and communications. Customer data and identities are exposed to new threats daily, and they need to feel protected in a world where network perimeters are crumbling around them.
Evangelize executives
To get everyone thinking about security as a marketing tool and revenue driver, start by initiating conversations with your board and executive leaders. Instead of being an expensive bad copy that peers within your organization look to avoid, push your department to become a repository for answers on how to empower business and security together.
Have customer conversations
As part of any pitch or proposal, include an element that shows off your certifications, and educates prospective customers about how you will develop and apply security controls and contingencies on their behalf over time. People of all technical aptitudes need a helping hand to understand what protections are needed and are in place, and how to bring those messages back to their own customers and internal departments.
Frameworks – the new seal of approval
Security frameworks have evolved like wildfire over the last few years. Markets and marketers barely knew what frameworks were until the proliferation of GDPR, CCPA, CMMC, ISO, and others started taking center stage. Now they are quickly embedding into the collective consciousness, and even the least technical among us understand their value as security seals of approval.
Be the enabler
Have conversations with your heads of marketing so, in turn, they can integrate security messaging into their GTM efforts that relay those value propositions to customers.
Secure the code
With digital transformation, security is more important to ensuring brand integrity and customer trust. It’s time for us technologists to become true business leaders. Help developers by sharing security responsibilities and doing the right thing by integrating secure code from the get-go.
- Model threats together in the first agile team meeting
- Reward security excellence in development lifecycles
- Educate executives, employees, vendors, suppliers, and customers
- Make sure development security is baked in from the first scrum to end of lifecycle
Walk the talk
For every business unit and department, always ask: How are we integrating security into our daily work activities, and how will it improve the customer experience? Only when you have the answers can you confidently market your organization as one that cares about security, and as one that is fundamentally mature in its cyber mission and culture.