We have a startup that helps companies determine if they are compliant with certain regulatory requirements. We would like to offer this as an online service and have enterprises create accounts. We anticipate a bit of friction as the application requires sensitive company information. What are some key considerations in order to give our clients confidence in our solution?
It is a Meteor-based app, hosted on Galaxy, using mLab.
What are the issues you run into? You can implement many things to improve security.
You can split them up into:
Technical:
  encryption
  2-factor auth
  etc.
And:
Process:
  following a standard process
  testing
  audits
  etc.
Your question at this point is not really answerable because there are so many options to consider. It depends strongly on what your clients and you find most important.
@lucfranken makes some great points, especially the last one. Partner with some potential customers that you may already have a relationship and trust with. Ask them for a list of security controls they must meet internally and expect vendors to support.