Security can be a huge sales and business enabler, as I've mentioned before. If your company and its prospective customers are in a regulated industry — and even if they’re not — you can bet they’re going to ask about your security posture during the sales process. For a number of reasons (including the many high-profile security breaches over the last few years), sales prospects are more aware of risks to their data than ever before. Naturally, they are upping the security requirements for doing business with vendors and partners alike.
This means it’s more important than ever that your sales team understands how to talk to prospects about security. In this post, we’ll outline a number of ways that businesses can do this and do it well.
1. Know Your Audience
Before you ever get on the phone with a prospect, it’s important to understand who the buyer is and what they care about when it comes to security. Some questions you should ask yourself include:
- What industry are they in?
- What is their business model?
- How big is the company and who (if anyone) is in security?
- What types of compliance are they required to meet?
- What kind of data are they looking to process and/or store within your product or service?
- Have they experienced a security breach, or has a company in their industry?
Once you understand where they’re coming from, you can get a good sense of what they care about and how to best approach the call. It’s your job at this point to prove to them that you understand their security goals, that you work with other companies that have similar goals and requirements, and that their data will be safe with you. The more you can bring this to life with actual customer stories, the better they can envision trusting your company with their data.
The key is knowing the prospect so well that you may even know the security challenges they’re facing better than they do.
2. Get Close to Security and DevOps
Your prospects are looking to see that you have proper defenses, as well as monitoring and alerting, in place. They need to be sure that, if a security incident occurs, you have complete visibility across your cloud environment and can protect their data. If you can’t prove this level of visibility, that can be a problem — even a deal-breaker — for companies, and rightly so.
That’s why it’s important for your sales team to get a complete rundown of your company’s security posture from either the security or DevOps team. Reps don’t necessarily need a complete technical deep-dive, but it’s important that they understand how your company meets best practices and key compliance regulations as they relate to the requirements that potential customers will have. If your company processes payment data, for example, your security team should show the sales team how your company meets PCI compliance. Even better, if security can put together a one-pager explaining some of the top concepts the sales team can reference, that can be a big aid in the sales cycle.
From here, you’ll need to establish a process for involving the security (or DevOps) team in the sales cycle. The delineation of responsibilities in the sales process should look something like this:
- The sales team’s job is to understand the prospect’s business and security requirements.
- The security or DevOps team’s job is to provide technical credibility and guide the prospect through a security evaluation of the product.
Your role as a salesperson comes first in this equation. It’s your job to ask the right questions and understand the prospect’s security priorities before engaging your security or DevOps team to answer the deeper, more technical questions. Then, it’s time to bring security into the fold. Having someone from security or DevOps involved in the process will bring credibility to the sale, so it’s important that they understand the value and can accommodate sales calls in their schedule.
3. Be Transparent and Proactive
Transparency is key in the sales process. The more information you can give a prospective customer early on from a security standpoint, the more likely the sale will close. Waiting to discuss security until the end of the process can slow things down to a grinding halt. You don’t want to lose a sale after all the time you’ve spent proving the value of your service, conducting a full evaluation, speaking with various stakeholders, and so on — just because they weren’t clear on what you offered in terms of security. So it’s critical that you be proactive about the security discussion in any sales cycle where it’s relevant.
Transparency can start as early as the first time a prospect visits your website if you state your security processes and policies right on the site. Walmart does a great job of this by providing clear statements on privacy, identity theft, fraud alerts, information sharing, mobile security, and even specific technical details on phishing attacks and other security-related topics.
Your website doesn’t have to be this elaborate, especially if you’re a small company. But it should cover the basics. Even a simple page that explains how you protect customer data can go a long way towards helping a prospect feel confident going into the sales call. Furthermore, if you have an internal security evangelist who can talk openly about your company’s security practices (at conferences, on the blog, in webinars, etc.), that can help to let your market know that you take security seriously, and it can add a boost of credibility to the sales cycle from the very beginning.
4. Prepare for the Security Questionnaire
Today, prospects are much more knowledgeable about the types of cloud security measures any SaaS solution they’re evaluating must have, so questionnaires have evolved to be much more cloud-focused, and your team needs to be prepared for that.
Your sales team likely won’t be filling these out — that’s a job for the security team — but it’s important that you help them complete these in a timely manner so it won’t hinder the momentum of the sales process.
What are prospects looking for in these questionnaires? If you (or they) are in a regulated industry, most of the questions will revolve around compliance. If you’re not in a regulated industry, the questions will likely have more to do with industry best practices and how you will protect their data — including what you’ll do in the event of a breach. Often questionnaires will also ask about the security of the cloud vendors you use, whether it’s AWS or Microsoft Azure, as well as information about any point solutions you use. Be sure your security team also knows how to explain the security measures of your own cloud vendors.
Remember, at the end of the day, the goal of the questionnaire is to communicate and verify your company’s security position so the prospect can confidently make a decision about conducting business with you.
Get Ahead of Security in the Sales Cycle
Security is only going to grow more integral to the sales process as threats continue to proliferate, as companies become better educated about security, and as companies seek out vendors who take security seriously. Being prepared and able to talk about security proactively and openly with prospects can go a long way to ensuring a smooth sales process.