One of our clients recently had a full audit, just to see if they fit the requirements necessary to be a service provider for a potential enterprise customer. It covered disaster recovery plans, complex data backup plans and security certifications that you probably didn’t even know existed.
Thankfully, the average small and medium sized business doesn’t need all of these things to secure enterprise clients but it can still feel like a challenging number of hoops to jump through. Don’t let that put you off!
There are some neat features you can include that will help, some of which will be equally attractive to your small and medium sized customers:
1. User management
Within larger companies, more than one person will usually need access to your application, and internal security policies will discourage users from sharing login credentials. Instead, they’ll need multiple users to be able to access the same content and/or service that your app is offering. The good news is, they won’t mind paying more for the privilege.
Or, why not go one better and offer role management? This allows people at a more senior level to have full access while others are given ‘read only’ rights.
Role-based access policies will go a long way in persuading enterprises and big companies to choose your app over a competitor.
Here is how Mailchimp does it:
Want to go the extra mile? Allow the administrator accounts to set authorization policies for specific actions by specific users or user groups. Sweet!
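A minimal sketch of the role management and per-action policies described above, as an added example (not Mailchimp's implementation and not code from the original article). The role names, action names and the `PolicyStore` class are hypothetical.

```python
from dataclasses import dataclass, field

# Baseline roles from the text: senior users get full access, others read-only.
# Role and action names are hypothetical.
ROLE_ACTIONS = {
    "admin": {"read", "edit", "export", "manage_policies"},
    "viewer": {"read"},
}


@dataclass(frozen=True)
class User:
    name: str
    role: str
    groups: frozenset = frozenset()


@dataclass
class PolicyStore:
    # (subject, action) -> "allow" | "deny"; subject is "user:<name>" or "group:<name>"
    rules: dict = field(default_factory=dict)

    def set_rule(self, actor, subject, action, effect):
        """Only administrators may change per-action policies."""
        if "manage_policies" not in ROLE_ACTIONS.get(actor.role, set()):
            raise PermissionError(f"{actor.name} may not edit policies")
        if effect not in ("allow", "deny"):
            raise ValueError("effect must be 'allow' or 'deny'")
        self.rules[(subject, action)] = effect

    def is_allowed(self, user, action):
        subjects = [f"user:{user.name}"] + [f"group:{g}" for g in user.groups]
        effects = {self.rules.get((s, action)) for s in subjects}
        if "deny" in effects:   # an explicit deny always wins
            return False
        if "allow" in effects:  # admin-granted exception for a user or group
            return True
        # No specific rule: fall back to the role; unknown roles get nothing.
        return action in ROLE_ACTIONS.get(user.role, set())
```

Run the check on the server for every request; hiding a button in the interface is not an authorization control.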
2. Security Certificates
The more secure your app is, the higher the chance that it will get the approval of the IT department within a big company.
At the very minimum, the registration and login process needs to be handled over HTTPS with a valid security certificate from a reputable company. GoDaddy, for example, is acceptable but a more trusted alternative is Symantec.
Serving your whole app over https:// will make a massive difference toward building trust with all your customers, not just the big ones.
To win even more brownie points, consider adding data encryption at rest, whereby you store all your customers’ data in encrypted form on your own servers. If the worst should happen and there is a breach, the data can’t be read by any third parties because only the customer has access to it.
3. Safer Authentication
Allowing users to secure their login process is another great step toward getting the necessary approval from an IT department.
The best part is, you don’t have to reinvent the wheel. There are already services out there that allow you to set up 2-step authentication:
With so many web apps being hacked on a seemingly more frequent basis, privacy and account security are a hot topic these days. No one likes having their data compromised and it’s no longer just the tech-savvy user who will appreciate the extra layer of security that 2-step authentication provides.
IP filtering is another thing that you can easily implement and that will go a long way toward making it easy for enterprise users to get approval to use your app.
Users can either whitelist the IPs from which they access your app or simply approve each new IP as they access your app from it. Here is how dotMailer implemented the process on their email marketing app:
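The two IP filtering modes described above (a fixed allowlist, or approval of each new address), as an added example that is not dotMailer's implementation and not code from the original article. The `IPAccessList` class and its method names are hypothetical, and the addresses used with it should be the connection's peer address.

```python
import ipaddress


class IPAccessList:
    """Per-account IP allowlist with an optional approve-each-new-IP mode."""

    def __init__(self, allowed=(), approve_new=False):
        # Accept single addresses and CIDR ranges, e.g. an office network.
        self.networks = [ipaddress.ip_network(n, strict=False) for n in allowed]
        self.approve_new = approve_new
        self.pending = set()

    @staticmethod
    def _parse(remote_addr):
        ip = ipaddress.ip_address(remote_addr)
        # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as IPv4 so rules match.
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped
        return ip

    def check(self, remote_addr):
        """Return 'allow', 'pending' or 'deny'.

        remote_addr must be the TCP peer address, or a header value set by
        a proxy you operate; a client-supplied X-Forwarded-For is forgeable.
        """
        try:
            ip = self._parse(remote_addr)
        except ValueError:
            return "deny"  # malformed input fails closed
        if any(ip.version == n.version and ip in n for n in self.networks):
            return "allow"
        if self.approve_new:
            self.pending.add(ip)  # hold the login until the owner confirms
            return "pending"
        return "deny"

    def approve(self, remote_addr):
        """Call after the account owner confirms the address out of band."""
        ip = self._parse(remote_addr)
        if ip not in self.pending:
            raise KeyError("no pending request for this address")
        self.pending.discard(ip)
        self.networks.append(ipaddress.ip_network(str(ip)))
```

A "pending" result should block the session until the confirmation arrives, otherwise the approval step adds nothing.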
4. Infrastructure Status Reports
Every app has its down times. It happens to everyone, from Google, to Twitter, to trivial online games.
Enterprise customers know this because it happens to them too, but when it happens, they need to know how long it will take to get fixed. It’s easy for a user to get stressed when something goes wrong and they don’t know what’s happening, and this is especially true in the corporate environment.
Make sure you offer a public link to your infrastructure status report and each time something happens, link to it so you get users familiar with it.
Here is how Basecamp, a project management application, does it:
5. Reliable support
This is something that all of your users will appreciate, not just the enterprise clients. Where enterprise clients differ is that they seem to prefer email support rather than speaking to someone on the telephone. Email provides an easy way to keep archivable records of what is happening and if something isn’t resolved as expected, they can easily look through the archives to check what was promised and when.
When something goes wrong they want to be answered as quickly as possible. Send your reply in minutes, letting them know you are aware of the problem and that you’re fixing it, and they’ll be delighted.
When they have a question or need a new setup, it’s not speed of reply that makes the difference but how things are documented and how well they fit the initial request. The closer you can come to meeting that initial request the better because any deviations from an agreed course of action will require them to go back into a new round of meetings to seek new approvals. They hate that!
And finally, if you’re invited to video conference with an enterprise client, don’t turn them down. They love to see who they’ll be working with and it could be the start of a very lucrative opportunity for you and your business.
Yes we know, no one reads those boring terms and conditions or privacy policies, right? Wrong! The lawyers of the big companies read every single line and those boring words that you would just skim over (or totally ignore!) are sometimes a deciding factor in whether or not to use an app.
Make sure you keep all of your documents up to date and accurate. The easier to understand the language the better. You can’t hide behind lawyer speak because, hey, they’re lawyers and they know the language too. Risk dialing it in and they’ll spot it a mile off.
Even if you only target customers from one country, big multinational enterprises might be required to respect the law of different countries so keep that in mind. For example, if Europe requires you to place cookie details in your terms and conditions but you only sell in Australia, it might be a smart thing to do it the European way as well.
7. Check your own service providers
Do you use the cloud? Is the service that you are using enterprise friendly? If your customer’s data will end up linked with these services, it’s up to you to make sure that they can be held to the same high standards that your customers have come to expect from you.
It doesn’t matter how well you serve your customers: if you use a sub-standard service that gets breached and customer data is compromised, it’s still you who are liable.
The last thing that you want is to get sued by an army of lawyers from an enterprise company, especially when you know you did everything right in your yard but you simply chose the wrong service provider to partner with.
Don’t have the legal skills to tell service providers apart? As an absolute minimum, check their portfolio. If they have big enterprises, government and army organizations as clients, you can be pretty confident that they’re not messing around.