Why Business Software Buyers Are Demanding Baked-in Security
Data backup, security alerts and encryption are seen as “must haves” and “deal breakers” when businesses choose software, a new report by Capterra, a free online marketplace that brokers software deals between buyers and the IT vendors said.
The Software Security Imperative
So powerful are security concerns surrounding software that businesses are willing to pay a premium for well-designed and secure software, Capterra said.
More than three-quarters (76%) of survey respondents cite data backups as a deal breaker when choosing software. The second most important security feature is the ability to receive security notifications (72%), followed by encryption in transit (68%) and encryption at rest (67%).
The availability of a software bill of materials (SBOM) is emerging as a required security feature among businesses buying software, Capterra noted. An SBOM is a list of the components used to build a software package and is meant to inform organizations of related security and compliance risks. It’s cited by 55% of businesses as a must-have feature.
Offering his recommendations, Zach Capers, senior security analyst at Capterra, said:
“Businesses should continue to place a premium on security as a key differentiator when buying software. While organizations should focus on key features such as data backups, security notifications, and encryption, don’t overlook lesser known, but equally important, features such as the availability of an SBOM.”
Examining Password Authentication
Organizations are also boosting security by focusing on robust authentication measures, Capterra said in the study. While 59% of businesses still look for relatively insecure password authentication, 52% want software tokens (e.g., 2-factor authentication, Google Authenticator), 40% pursue hardware tokens (e.g., USB key), and 39% look for biometrics, all of which are stronger than passwords. One-third (33%) are interested in passwordless authentication.
Businesses look for security certifications and attestations provided by software vendors to see how the tools they’re buying adhere to specific protections. According to 59% of businesses, a Cloud Security Alliance certification makes the software more appealing, followed by 47% that are interested in the Cybersecurity Maturity Model Certification (CMMC).