Why Enterprise Deals Live or Die on Security - Lessons For Founders
- Prathamesh Khedekar
Updated: Mar 31
Mar 19, 2025

Working with enterprise clients as an early-stage startup is a high-risk, high-reward game. Success depends on deeply understanding your prospect’s must-have needs. Sometimes, you learn from failures; other times, your dedication and persistence pay off—that’s exactly what happened in our engagement with a top pharmaceutical client.
Before we get started, for those of you who are reading these essays for the first time, this is Part IV of the startups series, where I try to share lessons I've learned from my time in Silicon Valley. In Part III of this series on startups, we covered a core lesson in enterprise sales: understanding the real needs of your prospect with depth and clarity, and the repercussions of not doing so.
If you haven’t read Parts I-III, you can read them here:
🔗 Part I
🔗 Part II
🔗 Part III
Now, in Part IV, we’ll dive into one of our wins—an engagement where adopting the right approach, staying agile, and maintaining a strong security posture helped us secure an enterprise deal. This essay covers three core lessons:
Why security isn’t optional—a strong security posture is the first filter for enterprise clients.
When to adapt and when to push back—not every enterprise demand is worth accommodating.
How to make these calls in real time—navigating high-stakes decisions when you're in the arena.
In this case, not only did we secure the deal, but we also executed it well. Whether you're a founder, team member, or investor, my goal is simple: help you navigate the capital, operational, and psychological crevasses of building a startup—with fewer scars than we did.
Meeting with a Pharma CIO
Working with Apple helped us understand the importance of deeply understanding a prospect’s core needs—and the consequences of not doing so. We covered this engagement in Part III of this series.
Later, in 2020, we crossed paths with a top-tier pharmaceutical client—one of the world's top five, based in Billerica, Boston, US. This engagement became a valuable startup lesson for us. It showed us the effort it takes to earn the trust of a cautious CIO and turn them into a strong advocate. We learned that credibility in the enterprise space comes down to three things: a rock-solid security posture, the ability to adapt, and the judgment to know when to adapt—and when not to. For those curious about how we navigated this storm, it's worth understanding the context here. Here we go.
Setup: A High-Stakes Enterprise Demo
In 2019, I was running an important demo for the Global CIO of one of the top four U.S. pharmaceutical companies. He was interested in evaluating our robotics-enabled security service for deployment on their campuses in the U.S. and potentially abroad. This wasn’t just another sales pitch—it was yet another make-or-break moment for our startup.
The demo was scheduled for Monday, 8:00 AM EST, in Billerica, Boston. I arrived on Friday, roughly 60 hours ahead of the demo, to prepare on-site with one of my team members. Needless to say, a significant amount of work went into the weeks prior to this on-site meeting to ensure we were fully prepared on all fronts for this engagement. I was responsible for ensuring that this demo went smoothly and that all our teams (hardware, software, operations) were engaged on all fronts, so that we could build trust and rapport with this gentleman and ensure our product addressed their core needs.
I arrived in Boston around 7:00 PM and headed to the Billerica campus of this company. Once on the campus, a teammate and I met our local point of contact for the facility. After a few handshakes with this gentleman, we started our drill.
Challenge: Preparing for a Flawless Demo
For those of you who are into the startup ecosystem, you’ve probably noticed the difference between a demo or pre-sales meeting with an enterprise client versus a mid-sized client. A pre-sales meeting with a mid-sized client feels like a sprint or a 5k, while the ones with enterprise clients feel more like preparing for a marathon. There’s a lot to factor in, and almost always, you need to address novel risks that emerge once you’re on the customer’s premises with your product.
Needless to say, we ran into multiple hurdles before the demo.
Network Issues: The facility’s WiFi required a captive portal login every couple of hours, so we had to write a script to automate the network re-authentication process.
Cellular Coverage: The location had no Verizon coverage, requiring a last-minute switch to AT&T hardware and configuration on the robot. This also made it nearly impossible to communicate with our Bay Area team from Billerica, Boston.
Operational Risks: Certain high-risk areas (e.g., stairs) needed to be cordoned off on our robot’s map (ROS map) to prevent potential issues during the demo.
Nonstop Rehearsals: Over Saturday and Sunday, we worked tirelessly—customizing the robot's hardware and navigation system, refining the demo script, rehearsing with remote specialists, and ensuring all edge cases were covered.
By Sunday night, we were brutally exhausted—but ready.
Our first in-person demo and meeting with the global CIO were scheduled for the following day—Monday.
The Demo Day: Meeting the CIO
At 6:00 AM on Monday, I arrived on campus. We conducted final rehearsals with robot specialists, backup engineers, on-site security teams, and facility personnel—essentially, with our remote team in the Bay Area.
At 8:00 AM, the Global CIO arrived and shook hands with us. He was silent but highly observant for the most part, watching as we reiterated the problem statement and presented our solution, explaining how our robotics-enabled security service could address their pain points and elevate their security profile.
What he didn’t know? My teammate and I—two people troubleshooting one problem after another since we arrived on Friday—had practically lived at the facility for the past 60 hours to ensure nothing went wrong.
After this first session, he asked two questions that defined the outcome of this meeting.
The First Question: “Is Your Robot Secure?”
After the demo, the CIO walked up to me, looked me straight in the eye, and asked:
“Can you help me understand why this robot is fully secure? How can I trust it?”
I took a deep breath and laid out our security framework:
SOC 2 Compliance: Our company was certified and had a Chief Security Officer responsible for audits and compliance.
Physical Security: The Ethernet port was locked to prevent unauthorized access.
Data Security: All data—both at rest and in transit—was encrypted using AES encryption and certificates.
Access Control (AAA Model): Only authorized personnel could access the robot, with role-based permissions.
He listened carefully. I could tell he was satisfied—for now.
The Second Question: “Where Do Your Cameras Come From?”
Then came the next question, sharp and direct: “I see a lot of cameras on this robot. Where are they manufactured?”
I answered:
“Most of them are sourced from outside the U.S., given supply chain and pricing constraints.”
His follow-up was immediate: “Do they come from (country)?” It was a country he didn't seem to trust at the moment.
Me: “Yes, sir. Today, most do.”
There was a weird silence in the room for a moment.
Then, he asked: “Given the cyber risks, would your company be willing to replace all of them with cameras manufactured in the U.S.?”
I responded:
“Sir, I understand your concern and appreciate you bringing that up. With all due respect, as a startup, we must be mindful of our resources. Replacing the cameras involves major adjustments to our supply chain and pricing. If you’re open to committing to a fleet of at least two dozen robots, we could make that change. I understand this may not be feasible right now, but that's what it would take for us to move forward. I’ll have a discussion with my CTO and get back to you soon.”
He nodded respectfully, appreciating the honest and direct response.
When you are in the arena, you are always trying to balance the needs of the client with the mission and capabilities of your startup. It’s challenging, but the truth is, as a startup, time, talent, and capital are your most valuable resources. Every "no" helps preserve them, and every "yes" should be approached with caution.
Going back to the conversation, after he heard my response about the dozen robots and supply chain, he said something that elevated the trajectory of this engagement:
“I see great value in your product. If you replace the cameras, I will do my best to help you expand this service.”
We shook hands. He smiled—briefly. The meeting was over, but the opportunity had just begun. I carried this message back to the team.
Post-Demo: Deal On The Table
A few days later, we got feedback from our internal champion:
The company saw real potential in our robots and expressed interest in expanding the fleet.
They were convinced about our security posture but had two additional requirements:
Replace all cameras with U.S.-manufactured alternatives.
Ensure the robot can navigate elevators.
The camera replacement was a relatively easy fix—we sourced compliant alternatives.
But elevator integration?
On one hand, it was a significant technical challenge; on the other, we had a deal on the table. The prospect was willing to expand the fleet, and we had a deal if we could develop and present an MVP—not a full-fledged solution, but an MVP.
The Engineering Challenge: Elevator Navigation
Under our CTO’s leadership, our engineers worked for weeks to integrate our robots wirelessly with the on-site elevators—specifically KONE elevators in this case. We achieved an 80% success rate—sometimes the robot hesitated and didn’t enter the elevator, but for the most part, it worked.
It’s important to note that this integration was, from what I remember, specific to KONE elevators. Elevators vary widely across manufacturers, and integrating with each would be a startup project in itself.
So this was an important lesson—a reminder that working with Fortune 500 clients often comes with customization demands, strategic shifts, and trade-offs. You can’t afford to have all your clients in this bucket—too much custom work can slow you down. A healthy balance between Fortune 500 enterprises and mid-sized growing companies is key. The balance depends on many factors, but the first is understanding the time and effort required for customization versus long-term ROI. In this case, we had buy-in for expansion, and an MVP—not a full-fledged solution—was enough. It worked, creating a win-win scenario for us and our partners.
So, if you're a founder negotiating with an enterprise client, it's best to secure a solid commitment before agreeing to customize your product. Even with a commitment, stick to your MVP and resist the urge to build a perfect solution. This approach alone will save you a ton of time and capital.
In this case, our engineering team built an MVP, we demonstrated it to the security team at this pharmaceutical company, and we sealed the deal. From the get-go, our founders kept a high bar on talent, and that helped us clear a wide range of technical hurdles that would otherwise have blocked sales.
So, to summarize:
In this case, we had SOC 2 certification, which helped us assure the CIO of our strong security posture. We secured a commitment to build an MVP for our prospect's elevator interface, accommodated their request to replace cameras with domestically developed ones, and, most importantly, did so with a commitment from them to expand the fleet of robots that would patrol this campus.
Overall, it was a win-win deal. As a startup, you have only so many engineers in the early stage, and they’re all focused on keeping the product stable. Without capital, you can’t afford to engage talent in projects like this unless there’s a clear path to business expansion. Customization is almost always impossible to accommodate, so securing a firm commitment from your prospect before investing efforts is KEY.
Key Lessons for Startup Founders
This engagement taught us three important lessons about enterprise sales:
Security is a deal-breaker.
If you're dealing with an enterprise client, security isn’t optional—it’s the first filter. If you can’t meet SOC 2, GDPR, DORA, encryption, and access control (AAA) standards, it's going to be an uphill battle to even land a meeting. These companies have entire teams dedicated to rejecting vendors, and security is the most common reason—rightfully so. Take it seriously, or they won’t take you seriously.
Enterprise clients demand customization.
Unlike startups or SMBs that might adapt to your product, enterprise clients assume you’ll adapt to them. Some requests will push you in a direction you already wanted to go—those are worth it. If a lightweight MVP can meet a client’s needs and benefit others, it’s worth considering. But if it demands a fully custom solution that turns you into an outsourced dev team, walk away.
A balanced client portfolio is critical.
Big clients bring big checks, but also long sales cycles, endless security reviews, and high expectations for support. If all your customers are like this, you’ll spend all your time jumping through hoops instead of building. The best approach? Have a balanced mix of clients so as an early-stage startup you can keep your lights on and yet scale your impact.
The Next Win: Breaking into the Cloud Market
This experience reinforced our enterprise sales approach. Shortly after, we engaged with the #1 cloud provider—an opportunity that converted into a major sales win, thanks to the combined efforts of our sales, engineering, and executive team.
I hope you find this experience valuable in your journey.
If this essay got you thinking, you’ll probably like what we’re building at Boring Sage.
Our Mission
Boring Sage is an initiative to help those who want to build a career in emerging technologies—fields like AI, robotics, and self-driving cars—but lack a clear roadmap, right resources, or clear guidance. We help early-stage professionals and serious learners cut through the noise and approach these fields with clarity and confidence.
Our courses are built on a principles-based approach and rooted in real-world applications. You’ll learn what matters in your domain, why it matters, and how to apply it. Right now, we’re offering courses on self-driving cars, AI, and computer networks.
You can learn more at boringsage.com/courses.
If you know someone who could benefit from this initiative, we’d be grateful if you shared it with them.
Cheers,
Prathamesh
Disclaimer: This blog is for educational purposes only and does not constitute financial, business, or legal advice. The experiences shared are based on past events. All opinions expressed are those of the author and do not represent the views of any mentioned companies. Readers are solely responsible for conducting their own due diligence and should seek professional legal or financial advice tailored to their specific circumstances. The author and publisher make no representations or warranties regarding the accuracy of the content and expressly disclaim any liability for decisions made or actions taken based on this blog.