My org needs this solution, how do I approach bringing it in? From a HYPR sales rep.

This is a conversation I encounter quite often. "We need this and we need it now, but because of 'XYZ' (usually budget cuts due to economy or many ongoing projects) I am not quite sure on how to sell this internally." And with this, bringing in new technology has become more difficult for the innovators and technology evolutionists (is that even a term? If not, I am coining it).

Now, I work for HYPR so this will be geared toward our Passkey Phishing Resistant MFA offering, but this holds true for most if not all Cyber projects and products.

But first, a story. Early in my career I had the opportunity to meet with the legendary Scott Howitt (currently the Chief Digital Officer at UKG). At the time, Scott was the CISO at MGM. My BDR had booked a meeting onsite with him and we traveled down to Nevada to meet with Scott in person.

When we walked in, I could tell Scott was a bit surprised to see only two of us show up to the meeting. If you do not know him, Scott Howitt has held many high level positions at large and important enterprises that have ranged from CTO, CIO, CISO and now Chief Digital Officer. He also has a great understanding of current and past regulations that dictate future legal requirements to different industries. So, needless to say, he is used to having teams arrive during a sales cycle to try and prove their value; and can ingest information from a large number of perspectives. During the meeting, in a sense "corrected" our messaging to pivot on the actual value. Essentially, I went in expecting to pitch a product and left with an education on how to prove value. Value surrounding three areas. Does this make us more secure? Does this improve the lives of those interacting with the company? Does this add value in not just a monetary sense but a cultural sense as well?

These three concepts are simple, but when broken down they become layered and more complex. It takes time to put together the RIGHT (hard emphasis on right) data points in order to form a compelling and action inspired business case.

Thinking on the points Scott and many others have now begun to break down, you must understand what your business does and how they drive revenue, even with security technologies. Which, by the way, 10 years ago was mostly based on only a "what the minimum we can spend to not get breached" mentality. Vendors should have this as a customized template ready to go for you (yes, shameless plug, HYPR does already). Your leadership is busy, as we all are, so it is important to know what is important to them and more so, significant to the business.

Again, I am a proud representative of HYPR so I will approach this exercise from a HYPR stand point. And with HYPR our true value comes with the removal of passwords, the known, sharable, and hackable factor.

So,

Item 1: Does this make us more secure?

Look at what you have in place today, if anything. Do your employees start their day by typing in a password to their desktop? Do you have MFA in place everywhere? And more importantly does that MFA use a password as one of the factors? Or even, when it fails, does it default to a password? Because if so, you already have all the info you need to articulate why HYPR makes you more secure. HYPR is end to end FIDO certified ensuring the highest level of assurance at every authentication point for your employees and customers. No hidden passwords behind the scenes or push notifications or OTP's. I can't tell you how many times I have heard "the problem with security technology is the people using it". And it's true. Still. So remove the known factor and make your self more secure.

Good segway here.

Item 2: "Well, if its more secure, its going to hinder the user experience." So, how does this actually improve the experience our customers and employees have while interacting with the organization?

This one is more simple. Ask your leadership the open ended question of what they think of passwords. Not just from the security stand point, but from UX stand point. Having to remember them, type them in, reset them, and change the policies on them. I am willing to bet you will not get pleasant answers. Take it even further, you type in your username then your password, then get a push notification (don't even get me started on that) then get an OTP and/or biometric request THEN have to type in some number matching process. Is that a good user experience? Then ask them, if they have a smart phone and if they can touch a button- yes, thats the user experience with HYPR- like a remote control for your auth. Furthermore, if they don't have a smart phone (they should get one) do they have touch ID on their MAC or WHFB on their PC or even a FIDO key (Yubico, Fetian, Token etc)? Then you can use HYPR to manage these and still authenticate 3x faster, maybe with a smile, never calling the helpdesk or your manager for a lock out again.

Item 3: Lastly, how does this add value? Where is the ROI?

This is an exciting one, because for the first time MFA has an ROI. When we take at look at things like: What are the gaps? Where is the pain? Typically this is found with digging into the risk involved with using passwords. How many employees use passwords? Where do they use them? Are they allowed to re-use them in more than one portal? How many breaches in your industry are due to passwords? Whats the average cost of a breach in your industry due to passwords? What does this equate to if we do nothing? How many password resets does each employee have to do a year? Gartner/ Forrester has come up with research that it is over $230 per employee per year for password reset calls, on AVERAGE. And our customers have confirmed these stats. This is an enormous figure in totallity. Certainly enough to ignite the fire. But there is more.

What about phishing? That annoying and persistent elephant. Your SOC has too many threats to worry about to be having to spend hours on phishing investigations just because someone was tired and clicked a link that is trying to steal credentials. Nevermind having to hire an expensive third party to have to look into it. You can say goodbye to that. With no known factor, there is simply nothing to phish. This is a huge value.

How about productivity? Getting locked out is annoying and time consuming for both the locked out individual and the help desk. "I didn't change my password in time for the policy, how do I even open a ticket if I can't get in?" Or how many times do you have to re-authenticate per day because your methods are not secure to begin with?

In summary, digging into these three concepts will help you discover the value in the solution you are evaluating (in this case HYPR) and if your vendor doesn't have something for you to go off of, or to show you where to go to get these answers, then their customers haven't been able to realize the said value of that solution. Even in an economy like today you can bring in technologies that make the world a better and more secure place to interact with your business.

And finally, last HYPR plug. FIDO (if you don't know what it is, look it up- as a past professor of mine, Brandon Catalan, used to say- if you can google it don't ask me it) has been around for about a decade and it is critical to be implemented for your customers and employees. Things like Passkeys are "re-terming" and educating the broader world on what the passwordless future looks like and could not have been a better amplifier of what HYPR is doing to cover all your authentication use cases. From all operating systems, IDP's, VPN's, and portals. There is a reason why even Microsoft is saying to go to HYPR for your passwordless enterprise.

(https://www.dhirubhai.net/search/results/content/?keywords=misa%20hypr&sid=Xgh&update=urn%3Ali%3Afs_updateV2%3A(urn%3Ali%3Aactivity%3A7058060833930534912%2CBLENDED_SEARCH_FEED%2CEMPTY%2CDEFAULT%2Cfalse).

Happy to dig into this further, give us a call and we can show you how to win.