Security Opens the Door to New Opportunities
Looking for an opening with a potential new customer or want to stay sticky with an existing customer? Try working security into the conversation.
That should get their attention.
But that talk track doesn't have any legs if you aren't selling software that addresses security concerns. For example, the workflow and Web-to-print solutions from Rochester Software Associates (RSA) are developed with security in mind. Security enhancements and updates are integral to these products.
When discussing security, it's helpful if your hardware or software provider has credibility in this area. Using RSA as an example, its customer base represents a Who's Who of the corporate world, including Fortune 500 and Fortune 1000 companies, Ivy League schools, universities, and federal government agencies. These clients have strict security requirements and expect their vendors to meet those security needs.
"Things are evolving quickly in the world of security, especially in the last two years, and we’ve been evolving with it," says Alan Wood, senior solutions architect/information security, RSA. "We have to be good enough to pass that test and be above the bar, but not only above the bar, we have to exceed it in almost every instance."
Wood is an IT geek who loves to talk about the bits and bytes of the products his company develops and sells. Over the years, he’s become an authority on security. Wood has witnessed the security evolution firsthand and is helping RSA remain on the leading edge of that evolution in the software segment.
This past year, RSA created an information security team, overseen by Wood, that is responsible for monitoring security threats and incorporating new security policies into RSA's solutions.
About 18 months ago, RSA enhanced its security strategy to create Defense in Depth, or DID, a methodology of multiple layers of security or defense that addresses institutional and operational security. Not to get too deeply into the weeds about DID, RSA’s definition of institutional security addresses the client company and how its IT is run, while operational security is RSA’s customer service organization and its hosted platform, a platform Wood describes as one of the most secure in the industry.
"Our application has to go through some very rigorous validation, certification, and third-party audits," explains Wood. "Our developers have to be trained on security development and software development. We have vulnerability scans, and penetration tests, and ethical hacks against us often, and we have to be able to pass those."
Security requirements change all the time. Just this past June the PCI Security Standards Council (PCI SSC) announced two new validation programs for use by payment software vendors to demonstrate that their development practices and their payment software products address overall software security resiliency to protect payment data. All businesses that store, process or transmit credit card data electronically are required to follow the compliance guidelines. As a result, RSA’s products had to be re-certified to ensure they met this new requirement.
"We are constantly watching how the industry is changing and adjusting accordingly," said Wood.
Those types of initiatives can be cited by a dealer to help validate that the software they sell is secure, continues to be secure, and the software provider is serious about security.
Security and the Commercial Printer
Not as much if you ask Wood. That doesn’t mean a dealer shouldn't discuss security issues with a commercial printer. Wherever and whenever data is flowing in and out of an organization, there is a security risk, and an opportunity to discuss security. As more customers demand that the files they are sending to their commercial printers be encrypted, the commercial printer had better be poised to accommodate them.
Any way you cut it, data needs to be secure, no matter what method the printer uses to receive a file, especially when it contains private information such as employee data. If it’s a healthcare organization, there are HIPAA compliance rules that need to be met.
"One must always be prepared to manage and meet customer expectations," emphasized Wood.
Ask an Expert
For dealers who need to up their security game, a software partner such as RSA is an excellent resource. Wood acknowledges that with all the security requirements emerging within different vertical markets, it’s not easy for the average dealer to acquire the knowledge base. Just throwing somebody at it who doesn’t have the appropriate knowledge is a recipe for failure.
"We can talk to a customer’s IT department in their language and overcome their problems," says Wood.
He believes it starts with understanding the printer’s capabilities and understanding how data gets to the printer. RSA recently received a call from a grocery store chain after it realized that someone could open their check in a PDF viewer and manipulate it, and then send it to their printer.
"They were pretty well freaked out about that," recalls Wood. "They engaged us, and we were able to make adjustments so that they could track the job, but couldn’t see the job, and couldn’t open the job. I’m using checks as an example, but we can encrypt any print job—medical records, bank statements, all kinds of different types of data. We’re quite comfortable with things like that because we’ve done it before and seen as bad as it gets, so we’ll usually have an answer."
RSA also has IT handbooks that serve as a resource. These are gated inside the company's partner resource portals. The IT handbook can then be provided to the client's IT department to answer security and other IT-related questions. RSA also has an applications security standards document, updated every year, that describes how the company locks down its systems as well as its other security initiatives. Clients can review it to verify RSA's security protocols.
So, how will you respond when a client or prospect asks if the software you sell is secure?
If you’re selling software from Rochester Software Associates, that response should be a resounding yes. Better still, you’ll be able to identify why it is secure.