Security considerations for Enterprise Application

Hi Guys,

We have a startup that helps companies determine if they are compliant with certain regulatory requirements. We would like to offer this as an online service and have enterprises create accounts. We anticipate a bit of friction as the application requires sensitive company information. What are some key considerations in order to give our clients confidence in our solutions?

It is a Meteor-based app, hosted on Galaxy, using mLab.

What are the issues you run into? You can implement many things to improve security.

You can split them up in:

Technical:

  • encryption
  • 2-factor auth
  • etc

And:

Process:

  • following a standard process
  • testing
  • audits
  • etc

Your question at this point is not really answerable because there are so many options to consider. It depends strongly on what your clients and yourself find most important.

@lucfranken makes some great points, especially the last one. Partner with some potential customers that you may already have a relationship and trust with. Ask them for a list of security controls they must meet internally and expect vendors to support.