As a Sales Leader, How Do You Have “The Security Talk” With a Vendor?

If you’re in the market for a flashy sports car — even if all you care about is looks — you still need to know what’s under the hood.

The same goes for sales software. No matter how flashy it is, and no matter how badly you need it, you need to make sure it’s secure.

Why You Need to Be Able to Handle “The Security Talk”

For sales leaders, a security discussion might not be something you’re completely comfortable with. Your first instinct when a security issue arises might be to hand it off to IT or Legal. 

But before you go to them, I highly recommend you do just a little bit of work upfront. It can have huge downstream benefits for you:

• You’ll know if the tooling is worth pursuing at all, potentially saving you and your team dozens of hours
• With more information upfront, the security assessment will go much quicker
• If you don’t have a security team (or they aren’t very good) and you sign off on new tooling, it’s your career on the line if it leads to a data breach
• You’ll get your hands on your new tooling faster

Get the Easy Stuff Out of the Way

First, you need to ask some basic questions to know if the tooling meets modern security standards:

• Are you SOC 2 compliant?
  • SOC 2 compliance is essential for modern SaaS tools. It demonstrates that they meet standards related to security, confidentiality, and privacy. 
• Are you GDPR compliant?
  • GDPR compliance is necessary for any business expecting to work with international clients. Even if you don’t expect to, GDPR compliance is an important sign that the vendor you’re speaking with takes privacy seriously.
• Do you undergo pen testing?
  • Pen testing is short for “penetration testing.” It’s a common security practice where you hire a third-party to test your security. It’s the best way to identify any potential vulnerabilities.
• Do you encrypt data in transit and at rest? Are you using AES-256 and TLS 1.2 encryption?
  • These terms are all a bit jargon-y, but ensuring enterprise-grade encryption is critical for preventing data breaches.

If the answer to any of these questions is “no,” you should end the conversation there. If the answers are “yes,” ask for supporting documentation.

Dive Into the Data

Next up, you need to have a serious conversation about how they handle data. These are the most important questions to ask:

• What data do you need access to?
• Why do you need it?
• What will you do with it?
• Where will it be stored?
• How long is the data retained (and when will it be deleted)”
• Will my data be used for other companies?
• How much control do I have over this process?

If they don’t have answers to these questions, it’s a red flag. If they do have answers, but the rep sounds cagey or like they’re stretching the truth (you’ll know it when you see it), it’s another red flag. But if the sales rep handles the questions deftly, you can be confident in moving forward with the vendor.

Now that you’re equipped to have “the security talk,” go out there and try it! You can bring up security as early as a first meeting. Don’t be afraid, odds are your sales rep will be impressed that you’ve done your homework, and your security team will thank you for it.