Multi-factor authentication (MFA) implementation is a way to improve your security resiliency. Most know that. However, did you know that it could also help your company win more enterprise customers? If you’ve ever wanted to demonstrate alignment with the business, this is one of your business opportunities.
What Does MFA Implementation Tell Your Clients?
To understand why MFA implementation is a selling point to enterprise customers, put yourself in their shoes for a moment. Picture yourself as an IT director at a Fortune 100 company such as General Electric. Since your company has an elite profile and a reputation for excellence, you have a lot to lose in the event of a security incident. No CEO wants to face a summons to appear before Congress, as Sony did in 2011 following an extensive hack of the PlayStation network.
When you invest in robust security measures such as MFA, such actions tell enterprise customers that you’re serious about security. A few years ago, multi-factor authentication (MFA) may have been a cutting-edge practice. That’s changed. Large companies such as Amazon, Bank of America, and Facebook have already implemented MFA. If you want to win a seat at the table with a Fortune 500 firm – especially if you sell software, consulting, or financial services – proving your security is top-notch is critical.
If your MFA implementation is in place, well done; it’s time to start leveraging that accomplishment to impress enterprise customers. That’s what we’ll cover next.
Presenting Your MFA Implementation in Your Sales and Marketing
As an IT leader, you may not participate in sales discussions very often. In that case, let’s highlight one key point about sales to large companies. Large company sales take a long time to close. Multiple stakeholders are involved who need to be engaged. For instance, legal plays a role in designing the contract. If you’re selling a technology solution, the customer’s IT department will be involved. Among other questions, they’ll want to know about your security measures. Set some time aside to prepare for these questions so that you can support the sales team.
In your presentation showcasing your MFA implementation, here are some of the key points to cover.
Implementation Project Summary
If you implemented MFA in the past 12 months, expect to answer questions about the project. What was in scope? What systems are you using?
Coverage for Users and Systems
An MFA system used by only 10 percent of your employees isn’t very valuable. In contrast, if your MFA system is used by 95 percent of people managers and 100 percent of developers, then your MFA implementation is much more secure. If your MFA implementation has expanded over time, make that point as well. Expanding MFA coverage proves that you’re continuously expanding IT security.
Monitoring and Reporting
Discuss the types of reports you review to determine the effectiveness of your MFA implementation. Ideally, share one or two examples of a management action taken. For example, show that you’re coaching a new manager on how to use MFA when a report showed that he or she hadn’t used it in six months.
Explain how MFA technology training is covered in your company’s training materials. For example, you might require employees to use multi-factor authentication when traveling to certain countries. Such guidance shows how your MFA implementation is linked to your cybersecurity risk assessment.
Supporting IT Security Policies and Procedures
You’ll need to use your judgment on this front to determine what should be disclosed. Sharing a copy of your overall IT security policy may be reasonable. On the other hand, providing your password management procedures is rarely a wise move because that level of detailed information could cause problems for you if it were leaked.
Security Incidents and Responses
If applicable, describe how your MFA implementation has decreased the impact of any security incidents you’ve suffered. With MFA authentication, it’s much more challenging to obtain unauthorized access to a user account.
If you’re given the opportunity to present your company’s security arrangements, focusing exclusively on MFA may not be the right move unless the customer requests that focus.
What Other Security Developments Help You to Sell?
Besides MFA implementation, other aspects of your IT security program are relevant in a sales situation. If your company sells professional services such as consulting, legal, or accounting services, then emphasizing your approach to training and oversight for individual staff is a smart move. For example, you might provide a copy of the hiring manager’s checklist, which includes a requirement to complete IT security training in the first 30 days of employment in a software company. Also, you can offer a summary of the IT security certifications that your security team has earned, such as the CISSP (Certified Information Systems Security Professional). Finally, you might present a copy of your IT security administration metrics. If you’re unsure about the right level of technical detail to present, seek insight from the sales team.
Tip: Before disclosing highly sensitive IT security procedures and data, review the non-disclosure agreement the customer has signed. A healthy amount of professional skepticism is warranted when it comes to sharing detailed security information.
IT Leaders: Seize the Opportunity to Add Value
While the IT department doesn’t generate revenue, that doesn’t mean you can’t add value. Supporting the sales team by presenting on your security arrangements is one way to demonstrate business alignment. Within your department, set an example as a leader who invests in people. For instance, you can improve developer productivity using containers. As you demonstrate value to the organization, your desire to improve IT productivity and protections will be seen in a new light.