: How to promote the quality/security of your a website to your its customers? Our organization is building a Drupal web platform that we aim at reselling as a cloud service. In order to provide
Our organization is building a Drupal web platform that we aim at reselling as a cloud service. In order to provide our customers with maximum confidence in our solution, we're looking at ways of publicly conveying trust regarding the quality and security of our platform. Here is what we came up with some far:
-Drupal: are there any Drupal certifications available out there?
-PHP: have your PHP developers certified (e.g. Zend PHP certification) and display the certification image (ideally, create links from the About/Team/Dev page to a page on the zend website where this could be verified).
-SSL: buy certificates from sizable CAs (e.g. Verisign) instead of cheaper and not as known ones (e.g. prontossl.com) and display the CA seal on your website accordingly.
-System: have your system penetration tested by a known security company, have a case study written about it.
-Infrastructure: get your infrastructure ISO QMS 9001 certified.
-HTML/CSS: show that your company is doing everything it can to remain standard-compliant by making your code W3 compliant and showing the W3 valid icons on your website.
-Misc: get your engineers to pass some security certifications, like one of these.
Are there anything else you can think of that could help promote the quality/security of your platform?
PS: if you're planning on answering with a "what really matters is the actual quality/security of your solution more than how good/secure it appears to be" type of answer please refrain. We all know it's true, but we also know that from a sales standpoint, it is very important to be able to rely on certifications to efficiently promote quality/security.
More posts by @RJPawlick198
1 Comments
Sorted by latest first Latest Oldest Best
The ideas you mentioned are great already, here is what I would consider in addition to that. I don't consider a limited budget, deciding where to invest is up to you. Some of those approaches can be pretty expensive:
Infrastructure: ISO 27001 is another possibility if you want to certify your data center. Well known and accepted in the security community. There might also be local interpretations of this standard. The BSI in Germany for example has a similar thing called IT-Grundschutz, which is based on ISO 27001 and 27002.
Web Application: If you handle credit card information on your website you should or maybe even must take a look into PCI-DSS. In addition you can get a security certificate based on OeNorm A 7700, an European standard that allows the certification of web applications. The certification requires a full blown security sourcecode review - you should decide in advance if this effort is justified, especially in case you only want the certificate for marketing reasons. To improve the security of your application, this is of course the recommended approach.
Engineers: My preferred certificate for engineers is the CSSLP (Certified Secure Software Lifecycle Professional), I am currently learning to take the certification myself soon. Education is key to build secure applications. Having engineers with solid security know-how will help you on the long run to reduce security costs.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.