Is Your Company’s Security Safe in the Hands of Sales?

April 25, 2019

If you’re in the business of B2B or SaaS sales, then this should be a familiar scene for you: Your sales team just closed a huge new deal. This partner is set to bring in new revenue, help collaborate on new product functionality, and help move your business forward. And then, someone brings up data sharing. So, this being a sales conversation, a salesperson steps in to answer questions and, before anyone knows what’s happening, there is a hastily drawn-up security protocol in place that may or may not be compliant.

While the above scenario isn’t uncommon, it does pose some questions and long-term risk for corporate cybersecurity. When it comes down to cementing new partnerships and integrating data with customers, vetting security processes and finding the right path for success is key. After all, this is how a corporation can ensure it maintains its security posture and reputation in the marketplace. What causes some sense of concern, however, is the fact that sales teams are often leading this charge instead of InfoSec teams.

Even in an age of growing InfoSec focus and more cybersecurity roles than ever before, there is still a looming skill gap between the roles in place and the need in the marketplace. Because salespeople are actually in the room when deals close and are the ones leading this conversation with prospects and clients, they are often the ones strategizing and managing this process. And, because sales conversations are usually approached from a value-focused angle, cybersecurity isn’t always at the top of the ‘most important’ list. Cloud security ends up being tacked on to other initiatives instead of being given the time and attention it truly needs.

Of course, this isn’t to say that salespeople are inept or at fault at all. In fact, having to deal with the back and forth of cybersecurity protocol is actually slowing sales reps down and preventing them from focusing 100% on closing new business and making sales. Sales reps should be able to focus on doing their jobs without the never-ending red tape of RFP back-and-forths, security questionnaires, and security postures.

This sales-heavy security process should incite InfoSec teams to become more involved with the sales process from the beginning. It’s no longer scalable for CISOs, InfoSec team members, and other cybersecurity professionals to join client talks after a deal is already signed. Instead, these roles should join conversations with prospects early on in the sales cycle. InfoSec and sales teams should work together to ensure security protocols are in place before, during, and after a new sale closes.

At the end of the day, salespeople are good at their jobs for a reason. They know how to talk to prospects, work a room, and negotiate revenue. Similarly, InfoSec teams are extremely good at their jobs. They understand the complexities of security requirements, know the ins and outs of integration rules, and have the answers on hand to detailed RFP questions and processes. Sales reps, while eager to help, don’t need to waste time hunting down answers to security questionnaires when InfoSec teams already have these answers on hand. Additionally, InfoSec teams should be able to frame security details in a way that could actually help close more deals. It’s all about finding balance and giving everyone the right tools to be successful.

You can learn more about bridging the gap between InfoSec and sales teams here.
