Security considerations for Enterprise Application


#1

Hi Guys,

We have a startup helps companies determine if they are compliant to certain regulatory requirements. We would like to offer this as an online service and have enterprises create accounts. We anticipate a bit of friction as the application requires sensitive company information. What are some key considerations in order to give our clients confidence in our solutions.

It is a meteor based app. Hosted on Galaxy. Using mLab.


#2

What are the issues you run into? You can implement many things to improve security.

You can split them up in:

Technical:

  • encryption
  • 2 factor auth
  • etc

And:

Process

  • following a standard process
  • testing
  • audits
  • etc

Your question at this point is not really answerable because there are so many options to consider. It depends strongly on what your clients and yourself find most important.


#3

@lucfranken makes some great points. Especially the last one. Partner with some potential customers that you may already have relationship and trust with. Ask them for a list of security controls they must meet internally and expect vendors to support.