Part 3: Balancing Speed and Security: How Sales and Application Security Teams Can Collaborate

Introduction

Welcome to the third installment of my series on building a holistic application security program through cross-functional collaboration. In our previous installments, I explored the roles of IT Service Management (ITSM) and Marketing in enhancing application security. Today, I turn my focus to Sales—a department where speed and efficiency are paramount, and where security measures are often seen as obstacles.

As a salesperson, I understand the pressure to move quickly, close deals, and meet targets. Any hindrance to the speed of sale is often viewed as "Sales Prevention." Salespeople are notorious for leveraging any technology that promises to make their job easier and faster, often resorting to Shadow IT and now Shadow AI. However, with the right approach, sales and application security can work together to not only protect the organization but also enhance the sales process.

Importance of Sales in Application Security

Sales teams are on the front lines, interacting with customers and handling sensitive data. Their role in application security is crucial, as they can either be a strong ally or a significant risk. By understanding and integrating security measures, sales teams can help protect customer data, build trust, and ultimately drive more successful sales outcomes.

Key Components of Sales' Role in Application Security

Speed vs. Security: Overcoming the "Sales Prevention" Mentality

Salespeople often perceive security measures as impediments to their primary goal—closing deals quickly. However, understanding the importance of these measures can transform this perception.

• Education and Training: Providing sales teams with training on why security measures are necessary can help shift their perspective. Explaining the potential risks of Shadow IT and Shadow AI, such as data breaches or compliance issues, can illustrate the importance of following security protocols.
• Proactive Security Involvement: Security teams can proactively engage with sales to understand their needs and suggest secure tools that can help them work efficiently. This collaboration can mitigate the tendency to use unauthorized technologies.

Building Trust with Customers

Trust is a cornerstone of successful sales. Demonstrating a commitment to security can significantly enhance customer relationships.

• Security in the Value Proposition: According to Force Management’s “Command of the Message” framework, sales teams should have a deep understanding of their value proposition and be able to articulate it effectively. This includes integrating security into the message. Emphasizing the organization’s robust security measures and being transparent about security policies and practices can build trust and differentiate your organization from competitors. Aligning the value proposition with security measures can help customers see the holistic value of your solutions. As Force Management states, "Your sales team must clearly understand your organization’s strengths—as they relate to the weaknesses of your competition." These strengths may include a strong focus on cybersecurity and a robust, holistic application security program.
• Quarterly or Semi-Annual Review Meetings: Regularly updating customers on new security measures and practices during review meetings, especially in security-conscious industries like banking, infrastructure, and healthcare, can reinforce trust and demonstrate a commitment to protecting their data.

Leveraging Secure Technologies

Sales teams can still leverage technologies to improve efficiency without compromising security.

• Vetted Applications: Sales can request that new applications be vetted by the security team before use. This ensures that all tools used are secure and compliant with organizational policies.
• Collaboration on Tool Selection: Security teams can work with sales to identify and approve tools that enhance productivity while maintaining security standards.

Maintaining Long-Term Customer Relationships

The sales process doesn't end with closing the deal. Maintaining customer relationships for future sales is equally important.

• Ongoing Security Engagement: Regularly updating customers on new security measures and practices can reinforce trust and demonstrate a commitment to protecting their data.
• Feedback Loop: Creating a feedback loop between sales and security can help address any ongoing security concerns and improve processes continuously.

Conclusion

Sales and application security teams often have different priorities, but their collaboration is crucial for a holistic application security program. By working together, they can protect customer data, maintain compliance, and build trust—all while achieving the rapid deployment necessary for competitive sales strategies. Integrating security into the value proposition is essential. As Force Management highlights, "Your sales team must clearly understand your organization’s strengths—as they relate to the weaknesses of your competition." These strengths may include a strong focus on cybersecurity and a robust, holistic application security program.

To get started, map out your key stakeholders and schedule those essential conversations today. By taking these initial steps, you'll be on your way to becoming a trusted advisor who can guide your clients towards a more secure and successful future.

In the next installment of my series, I will explore the critical role of the Human Resources (HR) department in application security. HR is pivotal in fostering a security-aware culture and ensuring compliance with security policies through employee training and access management.

Up Next:

Next week, I will release a bonus edition specifically for my fellow sales colleagues. This special installment will break from the standard talk track to provide practical tips on helping your clients identify stakeholder groups, facilitate essential conversations, develop use cases that incorporate requirements gathered from those discussions, and create a path for success in achieving outcomes beneficial to the company at large. This is particularly important for clients in security-conscious industries like banking, infrastructure, and healthcare. Stay tuned to learn more about empowering your sales process with application security insights.

Reference:

Miller. R. C. "What's the Meaning of Command of the Message?" Force Management Blog. https://www.forcemanagement.com/blog/whats-the-meaning-of-command-of-the-message