How to Obtain Buy-in on Security Initiatives for Your SaaS Company

Strong security is vital to any SaaS company, enabling platform stability and integrity while instilling confidence in potential customers.

There’s nothing new in this statement, but, with an eye on the bottom line, C-Level executives, board members, and VC firms often take a little more convincing when it comes to implementing new cloud security strategies — especially if it means shelling out cash for new solutions or team members. Obtaining buy-in for new security initiatives can be a time-consuming task requiring several layers of validation.

There’s a very real risk of security initiatives losing out to more obvious business drivers when it comes time for budget allocation. But as an IT or security team lead, it’s your job to advocate for security priorities. In this post, we’ll outline the steps you can take to get the green light you need for your cloud security strategy.

1. Know Your Stakeholders

First and foremost, it’s important to identify the decision makers at your organization when it comes to implementing new security initiatives and to go to them directly. Find out who has authority over security decisions today and who needs to be involved in the future. Identify the roles of the decision makers and their relationship to security (if any).

Once you’ve identified the right stakeholders, it’s equally important to speak their language. It’s easy for tech leads to get — well — technical. Instead, you’ll need to translate your argument into business speak in order to foster a true understanding of how vital security is to a healthy SaaS business. You’ll be able to focus on the technical details later on, once your security plan is authorized. For now, you’ll be more effective if you focus your talking points on the business benefits of your strategy, which we discuss below.

2. Focus on the Competition

SaaS companies know better than anyone how quickly the market can move. Building and maintaining trust with prospects and customers needs to be a top priority for your company, or you can easily lose out to the next hot challenger to hit your space. SaaS products, by nature, are easy to swap and replace. So if your customers find that a security breach led to the exposure of their data, they may very well hit the road without looking back.

This, fortunately, is a challenge that executives can understand. So, when you go to sell them on a new security strategy, be sure to demonstrate how it helps you protect and serve your customers and preserve their valuable trust in you.

At a time when customers have more options than ever to meet their technology needs, your company needs to distinguish itself among the competition. That means checking all the boxes (security, compliance, availability, uptime, and responsiveness) as well as going above and beyond to surprise and delight customers wherever possible. When you seek senior management, executive, board, or VC buy-in for a cloud strategy, be sure to frame it in terms of how it will help you stand out from the competition, and you’ll be one step closer to your goal.

3. Explain the Business Benefits

In addition to staying one step ahead of your competition, several other business benefits should appeal to decision makers and help get them on board with your plan. The better you can explain in plain English how new cloud security initiatives will impact the bottom line, the better your chances of getting the green light. The idea is to illustrate the ways in which security is a powerful business enabler with several concrete benefits:

  • Shorter product delivery cycles  —  When security is well-integrated into development and operations workflows, it allows the organization to significantly shorten product delivery cycles, enabling your company to compete in a saturated market. SaaS companies cannot afford to fall behind the competition with a slow turnaround of updates and new features. So if your new security strategy or solutions will help you achieve shorter product delivery cycles and significantly reduce the need to go back to fix security issues, make sure you tout this benefit to decision makers.
  • Shorter sales cycles  —  If you aren’t following industry security best practices, this can be a huge stumbling block in terms of bringing on new customers. It can slow the sales cycle to a crawl or even derail it completely. Being able to prove that you have strong cloud security allows your company to speed through the sales cycle from discovery to close, eliminating one of your prospects’ most prevalent concerns.
  • The ability to enter new markets — Many industries — such as healthcare, government, and finance — require all vendors they work with to meet compliance mandates, ranging from SOC 2 to HIPAA to PCI-DSS. Being able to demonstrate compliance to industries that were once closed off to your company is a surefire way to grow your business. Of course, security does not equal compliance, but in many cases, meeting security goals and investing in security solutions will pave the way to becoming compliant.
  • Investment and exit opportunities —  Finally, keeping your house clean by upholding security best practices and meeting compliance mandates will prime your company for investment and even possible acquisition down the road. So, if your management team or board is laser-focused on the end goal, it might help to frame security investments in this light.

The Bottom Line: Demonstrate Value

In the end, gaining support for your cloud strategy from business executives, investors, and board members often comes down to dollars and cents. So be sure to justify the cost of your plan by demonstrating how it will actually save the company money or even increase revenue.

Remember: Make sure you don’t get mired in technical details and language in the process, but instead, focus on quantifiable business values and objectives. Demonstrate to your stakeholders that the strategy you’re recommending and the tools you’re angling for can directly increase operational efficiency and business revenue, and you will strengthen the odds of having your strategy approved (and supported as you put it into action).

Previous Video
How to Build and Mature a SecOps Program in the Cloud
How to Build and Mature a SecOps Program in the Cloud

Watch this video for practical advice to help you build and mature a cloud secops program for your organiza...

Next Article
Infrastructure in Transition: Securing Containers
Infrastructure in Transition: Securing Containers

Organizations are migrating from virtual server workloads to containers at a frenzied pace, buying into the...

Get Access to Threat Stack's Cloud Security Platform

Start Trial