#main-nav-header { display:none; }

Securing the sales organization

A blueprint for future-proofing your security strategies

Empowering the sales team is vital to the success of most businesses. Sales is, after all, the primary engine for driving revenue. But, Sales is often the most challenging business division to support and secure. And because Sales often represents a large percentage of the workforce, addressing these challenges can require a significant investment in time and effort.

Why is it so challenging to support Sales? First, salespeople can be very demanding of internal resources. For example, when they are working to close deals, salespeople often want to bring their own executives to meetings so they can give prospects the confidence that they have the full support of the company. And of course, when salespeople schedule a customer meeting, the request for executives is always urgent. Executives understand how important these meetings are, so they accept as many invitations as they can. It’s not unusual for an executive to participate in multiple sales calls every week.

Salespeople also embody the most extreme cases of remote and hybrid work. Many remote employees primarily work from one place — home. But salespeople need to be fully productive everywhere — from remote offices to customer sites and everywhere in between. Like most remote and hybrid workers, salespeople need fast, simple access to essential tools. But they also need to work with highly sensitive information, including customer data, personally identifiable information (PII), contract terms, and confidential corporate resources.

Salespeople are more frequently on the move than other remote workers, accessing valuable data using multiple devices and various (possibly vulnerable) network connections. As a result, they are often more vulnerable to cyber attacks. The Security team has to enable the sales team to access resources and information with agility while also reducing the risk from a wide range of threats.

How can you balance the potentially conflicting needs of Sales and Security? First, you have to understand what salespeople truly need from IT — what data, apps, and other resources, and from what locations. That information will help you identify the types of cyber threats sales teams face, uncover the limitations of existing security solutions, calculate the risks, and put the appropriate security controls in place. To support Sales without putting the corporate network and customer data at risk, many organizations will need to implement a new, modern approach to security.

Supporting Sales is hard work. But if you succeed, you can create an effective blueprint for supporting the rest of your organization.

What does Sales need from IT?

Sales needs access. Specifically, sales personnel need access to highly sensitive customer information, which might include not only contact information but also org charts and details about how customers have implemented particular technology solutions.

Salespeople might need to access that sensitive information from multiple sources. For example, they might use customer relationship management (CRM) and prospecting tools to identify and pursue leads. In addition, they might use their company’s back-end customer support system to gather information about existing customers.

Meanwhile, they need access to sensitive information relating to their own company. For example, many Cloudflare customers have to comply with strict government regulations. Our sales team needs to provide assurances that we meet specific security standards. Beyond highlighting our multiple certifications, salespeople might need to share information about our internal security and privacy practices. This is information that other remote workers would not typically need.

At the same time, salespeople need access to a full range of communication and productivity tools. They need access to these resources and tools from anywhere, using a variety of connectivity methods. Like other remote and hybrid workers, salespeople might work part of the time from home, using their home internet connection to log into the corporate network. But salespeople also frequently work from the road as they travel to customer sites, using a cellular network or public WiFi to connect from an airport, car, or hotel.

Wherever they are, salespeople expect fast, seamless access to apps and data. If a salesperson has five minutes before driving to the next customer site to send off a presentation or enter information into a CRM system, they don’t want to struggle with connectivity issues. When they are walking through a presentation or running a demo with a customer, they can’t take extra time for numerous authentication requests. Any access issues in a customer meeting could impact the sales opportunity.

Meeting this expectation for anywhere access to sensitive information creates challenges for IT and Security, because this remote, highly mobile salesforce is vulnerable to multiple cyber security threats.

What threats does Sales face?

Salespeople encounter the full range of security threats experienced by typical remote or hybrid workers, though several threats are amplified because of the sales team’s mobility. And because salespeople access highly sensitive information, those threats can put your entire enterprise at risk. The five most common threats stem from how and where salespeople work:

Cloud access and phishing: Cyber attackers know there are more mobile and remote workers today than there were five years ago — not only salespeople, but also employees in other business units. As a result, attackers are increasingly targeting the technologies that these workers use to access resources from remote locations, including cloud-based apps and virtual private networks (VPNs). The strategy often involves phishing: If attackers can dupe workers into entering credentials on a phony website, the attackers can use the credentials to log into cloud apps or the VPN, thereby accessing the corporate network.
Intercepting Internet traffic: When salespeople use unsecured, public WiFi, cyber attackers might attempt to intercept Internet traffic. If successful, attackers could have access to whatever those salespeople are sending out on the internet, such as emails with sensitive data or — even more troublesome — their login credentials. If the company is not leveraging multi-factor authentication (MFA), those credentials could provide easy access to corporate systems. Security must enable a secure alternative to public WiFi and raise awareness about the risk, or else the convenience of public WiFi will leave the organization exposed.
Shadow IT: Employees might sign up for new cloud resources without telling IT or Security. For example, a sales engineer might spin up a new demo environment in the cloud without properly safeguarding that environment, leaving corporate IP vulnerable. Or, a salesperson might try to craft an engaging email by inputting customer information or corporate IP into a generative AI tool, not realizing that the tool doesn’t guarantee privacy.
Device theft: According to a recent report, lost or stolen devices account for 17% of all data breaches — and mobile salespeople are more likely than other employees to encounter the physical theft or loss of a device. If you mistakenly leave your laptop in your car while stopping off for lunch, that laptop might not be there when you return. Unless your digital working environment is well secured, the thief could potentially gain access to a wealth of sensitive data.
Data loss: When salespeople leave a company, they might attempt to take customer information with them. They might try to expand their own personal, digital Rolodex — and assist a future employer — by copying customer contact information, contracts, or other customer data, even if that is strictly forbidden by the company they are leaving. A salesperson could even take information about what software tools customers are using. Especially in the cyber security industry, employers must prevent that information from leaving with employees by using appropriate data loss prevention controls.

The limitations of legacy security technologies

In the recent past, remote and mobile workers were generally required to use VPNs to connect to the corporate network. But the experience for many users was terrible: network performance was slow, and mobile users had to reconnect whenever they moved to new locations. The experience was worse when using video conferencing apps, which demand high bandwidth and consistent network performance. The rapid adoption of video conferencing over the last few years has put pressure on IT and Security to find an alternative to VPNs for protecting network traffic.

Still, some companies doubled down on VPNs as their remote workforce expanded. As Sales ramped up the use of chat and collaboration tools, IT and Security had to find a way to protect the documents and other data that was shared through those tools. Some financial services institutions, for example, mandated always-on VPNs for their sales teams. But again, the experience of logging into an always-on VPN while traveling can be very frustrating for users.

At the same time, it was — and is — difficult for companies to scale their VPN solutions. During the pandemic, many companies suddenly had a large number of employees working remotely, using a VPN, and systems would crash. Companies need a solution that can scale to support a large, and potentially growing, remote and mobile workforce.

Overcoming prior limitations with a modern approach to security

There is a strong business case for a Zero Trust approach to securing salespeople and other remote workers. Zero Trust can simplify access for users while providing robust security that addresses many of the weaknesses of VPNs, including performance and scalability issues.

But of course, not all Zero Trust solutions are the same. Some organizations have learned that lesson the hard way. They might have selected a vendor with only 20 to 25 points of connection around the world. So their salespeople and other remote users still faced problems with speed and performance. As employees work from more remote locations, organizations need a solution that enables all users to connect to nearby network locations, wherever users are around the globe.

Most organizations will benefit from implementing a Zero Trust approach as part of a comprehensive secure access service edge (SASE) platform. For example, secure web gateway, browser isolation, and cloud email security capabilities can address phishing threats that can snowball into major breaches. Cloud access security broker (CASB) tools can provide secure access to SaaS apps. And, data loss prevention capabilities can prevent the loss of sensitive information through email or the purposeful removal of data by salespeople as they leave the company.

For small branch sales offices, there has been a shift away from legacy multiprotocol label switching (MPLS) technology, which was initially established to speed up network connections. MPLS is expensive, requires a long setup time, lacks security capabilities, and can’t provide direct connection to cloud services. Organizations are now exploring next-generation WAN solutions to replace MPLS. The right WAN solution will use a cloud-based network to simplify deployment and reduce costs while offering built-in Zero Trust functionality.

Finding the right balance — and creating a blueprint

Sales will always be a remote, mobile workforce. Empowering that workforce is critical to most businesses, because Sales drives revenue. But empowering Sales will continue to be challenging if IT and Security rely on VPNs and other legacy security tools.

Fortunately, there is a way to balance the needs of Sales and Security: Moving to a Zero Trust approach with a modern platform can provide salespeople with fast, simple, and seamless access to key resources while protecting corporate networks and sensitive customer information. IT and Security can enable salespeople to work from anywhere while maintaining the same level of control as they have with workers in corporate offices. Once that model is in place for Sales, IT and Security will have a blueprint for supporting a growing number of remote workers and building a much more flexible, agile organization.

This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.