SC Awards

Not-so-customary customer service: Experts offer tips on vendor best practices

The RSA Conference plans an all-virtual show starting on May 17. Today’s columnist, Kacy Zurkus of the RSAC, writes about why companies need to strongly consider a Chief Product Security Officer — a topic that will be covered in one of more than 200 sessions.(David Paul Morris/Getty Images)
The cybersecurity community wanders the trade show floor at RSA, interacting with vendors. The best vendor-customer relationships require mutual respect and open communication, experts noted to SC Media. (David Paul Morris/Getty Images)

The best vendor-customer relationships require mutual respect and open communication. End user organizations need to express their customer service needs and expectations, and security solution providers need to meet or exceed them.

That’s true for all phases of the partnership, from initial overtures and negotiations to installation and implementation to day-to-day operations and troubleshooting when problems surface.

After all, “if it’s not easy to do business with you, then why am I doing business with you?” said Dan Meacham, vice president of global security and corporate operations and CSO/CISO at film production company Legendary Entertainment. That’s why he encourages his vendor partners to “help me help you be successful with your product” by working closely as a team.

So what are some of best customer service practices – and how do they serve to elevate the rapport between parties? SC Media spoke to a collection of vendors and security professionals for their take on this critical question.

The relationship starts with product vetting and the purchase process, which will ultimately determine if a vendor and end user are going to move forward together.

David Poe, vice president, enterprise data architecture and shared solutions at United Way Worldwide, said it’s important that vendors can demonstrate that their product actually aligns with the security objectives his organization is aiming to accomplish.

“Too many vendors think their software product will address all issues. No matter how good the software, it is just a tool that is only successful if it meets the company’s business needs,” Poe explained. “Just because you are selling me a hammer, not all my problems are nails. We need the right tool for the right job. Consult with me to discover if that is the case with your tool and don’t expect it is the answer to all my needs.”

An effective way to diagnose a company’s needs is to involve the support team during the sales process, according to Hossein Ghazizadeh, chief services officer at Barracuda Networks, winner of a 2021 SC Media Excellence Award in the Customer Service category. “Support engineers should also be available to assist with pre-sales and proof-of-concept deployments,” Ghazizadeh explained. “A dedicated team… should work closely with sales to assist with technical questions and requirements.”

When a trial is conducted to prove out a solution’s merits, it is important that it feel like the real deal. Therefore, “an exemplary program will not differentiate between customers conducting a trial of a product and current customers,” said Ghazizadeh. “Every customer should get the same level of support the team is known for.”

Film production company Legendary Entertainment actually hosts and operates an entire fake replica of its cloud-based IT environment on which to test new solutions. “How much the partner or the vendor is willing to engage and embrace [this testing process] really says a lot about how that relationship is going to go further,” said Meacham. After all, if a vendor is not willing to help Legendary better understand the solution in a simulated environment, “how is it going to be with our real organization?”

In some cases, Meacham’s team actually found certain flaws or defects during the vetting process. “And there's been a handful of vendors that, when we've talked to them about this, they made fixes as hot patches right away within a week or two weeks, and we hadn’t even bought their product yet,” he said. That demonstrates responsiveness and a commitment to make the relationship work.

Indeed, it’s important for solution providers to demonstrate that they value the opportunity to partner with the customer. Maurice Stebila, former CISO at Harman by Samsung and chairman and founder of CxO InSyte, recalled how one major cloud provider once invited him to its headquarters to meet the executive team and review products as part of a customer summit. He also remembers when the president of a major cybersecurity firm “skipped a day of his company’s board meeting to speak to our board members and educate our executive team.”

Informative software and services guides can also help convince prospective buyers of a solution provider’s credibility.

For instance, Meacham advised handing out a product “one-sheet” with key details such as the escalation path of a help desk inquiry, including a shortlist of people to call when questions or problems arise. “Being introduced to the account manager as well… is very helpful to us to really understand what the personalities are,” he added.

Moreover, a list of references can be very useful. “That helps a lot if you go back to a major customer” for a recommendation, said Randy Sanovic, owner of RNS Consulting and former high-level security executive at General Motors, United Healthcare and Mobile Oil Corporation. “If you’re at GM, you want to go back to Chrysler or somebody else that’s a large corporation like a Mobil Corporation,” and seek out their input on the product.

During the contract negotiation process, some flexibility and open-mindedness on the part of the solution provider can also go a long way. For instance, Stebila praised one of its past antivirus providers for being was to work “within the limitations of our yearly fiscal CAPEX vs OPEX budget.”

Of course, knowing the customer service “don’ts” is just as important as knowing the “do’s.” For instance, Poe advised against hard sales tactics. “If I am not interested in buying or need to push this off, please respect that. Hard sales end up being added to a block list or escalation to the sales supervisor or vendor exec.”

Also, don’t withhold details either. Stebila, for one, said it’s a turnoff when “the product sales team attempts to hide specific information about their tools from me – e.g. incapability with my current installed enterprise legacy systems – which I'm already aware of – so that he/she can make the sale.”

Misleading information is even worse: “Telling me that the suite of security tools/products is all exclusive in a single SKU, when in fact after further investigation, I discover that I can purchase the products individually,” is a no-no, Stebila said. “Or if the tool you’re pushing as one of your own is actually from a third party “and the solution is being repackaged by the vendor and marketed as if it’s their own.”

After the contract is signed, sealed and delivered, the next stage of the relationship is rolling out the solution. This involves installation, implementation and configuration. This brings its own challenges that require their own unique customer service best practices.

For starters, instructional manuals and other multimedia aids can facilitate the implementation process. Ghazizadeh said a “quick-start guide should be included with every hardware appliance, and detailed documentation that is easy to access online should be available for every product, guiding customers from unboxing to having the unit up, running and protecting traffic.” Additionally, “the customer service team should also provide an extensive video library of initial setup videos across the entire product line to support customers further as they get started.”

To further assist their clients, vendors often provide some level of product training as well. Training “should start before the new product even arrives,” and it should be offered as a complimentary service, said Ghazizadeh.

However, training is not always as comprehensive as it should be. Sanovic said that training should, but often fails to cover critical lessons such as how to interpret software-generated reports. Consequently, as an end user, “you get a bunch of data coming at you and you don’t know what to do about it. You don’t know what’s more important or less important.”

Poe noted that solid project management is a must during this phase. In particular, he said that if the end user’s own workforce or resources are found lacking during rollout, then the vendor’s support team “must address company deficiencies such as newly identified staff skillset, capacity, or other related issues.” And they should be up front about such issues: “As a leader, I expect feedback from the vendor if there is an issue with my team rather than ignoring the topic due to sensitivity,” he continued.

Stebila recalled how one network security vendor he once partnered with even provided a shipment of additional required hardware “to meet the company's network bandwidth requirements, even though the fiscal year’s purchase order did not include it.”

At the very least, live engineers should be available around the clock to answer any questions related to the rollout. But Ghazizadeh also suggested offering an “optional white-glove installation service” that provides stretched-thin customers with physical or virtual “access to a highly trained professional services team member to complete the install for them. After the install is completed, the professional services team member should provide best practices for using and maintaining the new product.”

“Professional services like this simplify IT by taking the guesswork out of learning a new product,” he continued. Plus, such guidance helps save the customer save money that might otherwise have to be invested in a local value-added reseller “for external implementation services,” Stebila added.

But even if the vendor’s project management unit takes the lead during rollout, it’s still important that original sales/product team remains in touch, noted the experts. You can’t just walk away after the sale. “A salesperson built the relationship and has an obligation to check in to make sure at least the initial implementation went well,” said Poe. “This is not really about account management, just good business.”

Once the solution or service is fully operational, we enter the long-term operation phase of the relationship. Throughout the solution’s lifecycle, hopefully all goes smoothly, but both vendor and customer will need to remain in communication with each other over issues such as troubleshooting and software updates.

Here is where “good, old fashioned account management” comes into play, said Poe. Vendors should take steps to “ensure things are going well” and “ensure awareness of new features.” But much like in the installation stage, they should be able to identify ongoing process flaws and “provide insights into our work to help us continually improve.”

When problems do arise, there should always be a support agent ready to come to the rescue. Key help desk and support ticket pointers, according to Stebila, include avoiding placing customers in queues and ensuring that the person who initially responds “is actually trained in the product in question and knows the product” better than the end user does.

Live customer support should be available 24x7x365, added Ghazizadeh, and “customers should have multiple ways to open a case,” including via phone, email, community portals, or chat.

“A contact center team member should review every support request, verify the requester to ensure account security, and then create the support case,” Ghazizadeh continued. “An email should then automatically be sent to the customer providing the case number, and the case should be permanently recorded in the technical support records, allowing for full tracking of every case created on that unique serial number.

When the matter needs urgent attention, and the initial agent is unable to resolve the issue, the customer will likely want to talk to a more senior, experienced representative. Indeed, “there is nothing more frustrating of not having an escalation point when things aren’t going well with email/ticket-based support,” said Poe.

“The first support engineer you will typically speak with would be a tier 1 who has been extensively trained and certified in your specific product,” said Ghazizadeh. “Then, a tier 2 support engineer should be available to assist on any issues that may be beyond the scope of the tier 1. Escalations should be fast and easy.” Finally, a tier 3 or lead support engineer “should oversee the tier 2 team and be ready to jump in if the need arises. If there is an issue beyond support’s scope or a possible bug in the product, escalation engineers should work with the product management and development teams to review the customer’s case and determine the resolution path.”

Beyond tech support, vendors can also fortify customer relationships by communicating new ways that end users can improve, upgrade and optimize their solutions. For instance, Stebila said some of his past vendors have provided quarterly business reviews (QBRs) “to review provided services, metrics and what can be done to scale to the growth of our business.”

Vendors should be inviting user feedback to help them improve their own product offerings. One way to do that is to invite customers to take part in an advisory board, said Stebila.

For instance, Meacham said that Legendary Entertainment participates on the advisory board of its cloud access security broker (CASB) provider. “There is a circle of trust amongst us,” said Meacham, “and we can share different types of information, knowing that that information is going to be somewhat protected.”

Aside from holding conventional meetings, the CASB advisory board members also communicate via a specially created Microsoft Teams channel, which Meacham can be used “in a crisis situation, or [when something] needs to be elevated or escalated pretty quickly so that other members of that community can be on the lookout… or may have a quick way to resolve it.”

When responding to product feedback, responsiveness is particularly critical. In that regard, Meacham praised one of his email security solution providers for quickly making improvements after his team had been pointed out that the software missed a few attacks that had leveraged tricky evasion techniques.

A note of caution, however: as the business scales up, vendors must make sure that the relationship grows with it. “[A] superior customer support team should also be able to make recommendations based on current sizing of the unit, traffic flow, and other performance metrics to help companies determine how to scale,” said Ghazizadeh. “The support should also be available to help with product migration, clustering units and disaster recovery.”

Meanwhile, this is not the time to commit unforced errors that damage the partnership.

According to experts, problems can occur when a scaling business either outgrows its current solution, or requires additional hardware or software to function properly. In the former instances, customers are sometimes are “left buying a whole new appliance and in many cases have to set it up from scratch, creating costly downtime and labor charges,” said Ghazizadeh. And in the latter case, end users can sometimes discover that “the recently purchased products have been ‘sunsetted’ and no longer is supported,” said Stebila. Consequently, “you're forced to purchase a completely new solution.”

Another issue that can surface as an end user continues to scale and grow is that some vendors “see this as their chance to hit you with fees and have a huge upsell opportunity,” said Ghazizadeh. “Need a handful more users? Great, you must buy a new block of 100 users. Only need 10 more? Sorry, you must buy the full 100-user block.”

Instead, Ghazizadeh suggested per-user pricing, “which allows customers to only pay for what they need, which makes for a better customer experience.”

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.