I've never been a fan of companies newsjacking vulnerabilities when it comes to computer security. In the last week though it has been interesting to see how people tackle Heartbleed, especially in the security community where everyone seems to have snake oil to heal all that ails you.
The reality is that defending against the vulnerability shouldn't be the concern. Bugs are going to happen. There is no such thing as perfect security, nor perfect code. And anyone that tells you that absolute security is possible because of what they have to sell you doesn't understand security nor the money and motives that can drive the breaches to such systems.
No, what SHOULD be done is the focusing on proactive security practices and incident response. We need to think more critical about is how we can avoid such issues when possible, how to HANDLE these incidents when they come to bare, and how we remediate issues as they happen. Now is a great time to have a conversation with your customers about their password management processes.
How to talk to customers about how AuthAnvil can help
If you are a partner reselling AuthAnvil Password Solutions, then your discussion in the midst of everything going on about Heartbleed should be about how they could be avoiding these types of issues by eliminating the need to use passwords to begin with. Start talking about how they can use federated login with AuthAnvil Single Sign On to eliminate the risk of sharing passwords with web applications. Examples like Office 365, Google Apps, Salesforce and Microsoft Dynamics are just the tip of the iceburg on discussions about how single sign-on could really help eliminate the need to use passwords to begin with.
For web applications that don't support enterprise-class single sign-on, discuss how they can use AuthAnvil Single Sign On with the SSO Assistant and the AuthAnvil Password Server together to securely store credentials that get injected for them during login. Then continue that discussion to explain how password expiration and automated password changing work within AuthAnvil. In the midst of the Heartbleed risk, they could be having AuthAnvil automatically go out to the websites and change the password for them using web workflow automation. Of course, if they aren't using AuthAnvil like that yet for their B2B web app communications, this is a perfect opportunity to offer them professional services to assist them in building the web workflows and setting them up in the AuthAnvil Password Server and AuthAnvil Single Sign On portal. The consultation time to explore what web applications they use may even expose you to more opportunities when you find they could be using AuthAnvil Two Factor Auth to help lock down access, especially for cloud apps focused around virtual desktops (VDI), terminal services and information sharing.
Offering AuthAnvil as a service
Many of your customers aren't going to want to go deep into the tech with you. They want YOU to handle it for them. This is the perfect time to be providing them an authentication-as-a-service (AaaS) offering that demonstrates how you can organize and control all their multifactor authentication, single sign-on and password management needs. Increase revenue opportunities for you while at the same time increasing loyalty from them. If you haven't yet set that up within your business and need more information, you should grab our free eBook on the subject.