7 Keys to Customer Success Programs in Security

By: Amit Kandpal, Director of Customer Experience, Netskope

The number one question I get from professionals in this field, and from executives or other stakeholders that are trying to build customer success programs for the first time, is how do I get to value creation/realization fastest. As a Customer Success leader, the below would be my key recommendations to any organization venturing into a security transformation exercise. While some of these sound fairly obvious, these continue to be major hurdles for value realization across the customers we work with.

1. Articulate your key short-term and long-term security strategy and priorities to all your internal and vendor teams: While it may not sound relevant if a customer is focused on some specific use cases, as a vendor on the other side, this has helped us be a long-term partner, recommend the right implementations roadmaps, and ensure the customer is on the path to quick time-to-value from Day One. We have used this information to assign the right resources with the relevant skills. We have also influenced our product roadmap to accommodate the longer-term priorities if it makes sense for the larger customer base.
2. Agree on the key success metrics in collaboration with the vendor along with target timelines: Most mature vendors have a framework based on their experience with other customers to capture the key target business outcomes (e.g. reduced total cost of ownership, saving from breach avoidance, business agility, etc.) of the program and translate those into specific metrics based on customer context. These, when available, are extremely helpful for the teams that work with the customers directly, and leaders like me behind the scenes to detect any deviation from the optimal path early by tracking the agreed metrics and making the right interventions when required.
3. Ensure the right level of resources internally and externally: A surprising number of transformation initiatives lack the due diligence to understand and implement the right level of resources required at all stages of the program. In my experience, for example, the effort and time required to establish an effective Data Loss Prevention program is something that most customers tend to underestimate by a large margin. A good start would be to ask the vendor you are working with for best practices and case studies from similar industries and complexity. A good case study will provide a framework based on rigorous data which can be customized based on complexity, required velocity, and any other considerations. This is very different from fluff meant to push additional services.
4. Remember that transformation is not migration: It is very important to focus on outcomes rather than replicating the existing way of doing things with a new solution. I have seen this distinction getting lost especially for organizations used to doing things in a certain way for a long time. It is important to remember that new technologies enable transformation precisely because they have a different and better take on the same problems. The Customer Success team of the vendors works with hundreds of customers trying to solve different flavors of the same challenges and it always makes sense to check with them for evolving best practices.
5. Invest upfront in solution training and enablement: Lack of investment in training is something that happens more often than one would expect due to the perpetual race against time security teams are in. While vendor Customer Success and Support teams are always there to help, there is no substitute for an understanding of the capabilities and functionality of a solution. The good news is most mature vendors have a variety of training options ranging from self-service ones to customized in-person ones.
6. Manage internal resource transitions: One thing on a customer call that always makes my heart sink is the news of someone critical, either from the operational or executive team, moving on to a different opportunity. It goes without saying, this happens a lot in the current red-hot market for security talent we are in. The worst-case scenario for the whole engagement is not having a sponsor or an operational team for an unknown period of time. Momentum is everything for transformation programs, and once stalled, it can lead to a  vicious cycle of no value hence no focus and additional resources from the already stretched teams. This sometimes can lead to the eventual demise of the entire program.  The most successful customers I work with have redundancy built into the resources and schedule planning and track any resourcing risk on an ongoing basis. They also nominate a replacement early, when required, and give us enough time to make sure there are no disruptions to the program. Again, most Customer Success teams would be delighted to inform and train the new stakeholder or team if given the opportunity and time to do so.

Leverage cadence calls, QBRs, and Customer Advisory Boards: I can usually take a look at our internal systems of records for Customer Success and make a fairly accurate prediction about the health of the program by looking at attendance in the last few cadence calls and Quarterly Business Reviews. If I have to pick one single predictive factor, it would be an enthusiastic sponsor attending QBRs regularly, asking the right questions (value realized, reasons and accountability for any delta, resources required going forward, product roadmap, etc.), and providing the required level of sponsorship to get around any blockers. Regular QBRs where all internal and vendor teams walk away with a shared and clear understanding of target business outcomes, high-level tactical plan, respective roles and responsibilities, and the path forward to address any dependencies and risks are the hallmarks for the most successful transformations.