The New Security Playbook: How Proof of Value Played a Critical Role in CloudKnox’s Success

By Ken Elefant, Partner and co-founder, Sorenson Ventures

If you’re paying attention to the enterprise cybersecurity market, you know it’s becoming intensely competitive. Startups struggle to get noticed and win early deals. Without market momentum, it’s increasingly difficult to cross the chasm from early adopters into mainstream customers and access capital to fuel future growth.

In my previous articles, I described the Sorenson Ventures New Security Playbook, which outlines go-to-market strategies that fast-growing security startups are using to gain customer attention and market traction. I provided examples of tactics that the most successful security startups are using to expedite sales timelines, improve sales conversion rates, and create scalable and repeatable go-to-market processes that drive rapid revenue growth.

In this blog, I want to focus on the importance of PoVs, or Proofs of Value, and how PoVs can play a critical role in the GTM success of an early-stage security company. Although most enterprise software firms understand the concept behind a PoC, or likely already use Proofs of Concept, fewer are familiar with or utilizing Proof of Value frameworks.

As you probably know, a PoC is a process where software vendors try to show customers that their technology works in customer environments. For example, a PoC can be designed to demonstrate that a product integrates with a customer’s existing technology infrastructure and runs smoothly in a limited or test environment.

Although PoCs can be effective in showing that technology works in a functional sense, they often fall short in convincing customers to buy the product and expand their deployment to a production environment. One critical issue with traditional PoCs is that they don’t actually prove that the technology solves the customer’s pain or provides measurable value.

That’s where PoVs can help. PoVs establish a higher standard of proof for the vendor and, if done effectively, can carry far more weight in the sales process. PoVs demonstrate that the technology not only works within the customer’s environment but that it solves a specific problem to provide the value claimed by the vendor. When used correctly, PoVs can turbocharge enterprise sales processes, expedite customer conversion, and help young companies gain momentum and separate themselves from the competitive pack.

One of the best companies I’ve ever seen at implementing an effective PoV-driven enterprise sales process was CloudKnox. Founded in Sunnyvale, CA, CloudKnox was a Sorenson Ventures portfolio startup that was acquired by Microsoft in June 2021. CloudKnox developed an enterprise permissions management platform that provided comprehensive access visibility for all identities, unified cloud access policies across providers, and automated least privilege access.

In contrast to many early-stage companies which jump at the opportunity to offer PoCs to any customer which expresses the smallest shred of interest, CloudKnox ran a highly disciplined Proof of Value, or POV, process. CloudKnox’s leadership team used PoVs as a way to fully qualify customers and optimize allocation of the company’s scarce resources to the highest value sales opportunities. CloudKnox’s PoV process was specifically designed to weed out companies who might be willing to test the software, but were unlikely to convert into enterprise-level customers who were willing to write big checks.

CloudKnox deliberately marketed their PoVs not as product tests, but as “risk assessments” that provided real-world intelligence on the customer’s current permissions risk situation. CloudKnox’s goal was to show how its permissions management suite could identify current risk and then help manage and mitigate the enterprise’s permissions risks in the future. This was important because CloudKnox’s leadership team understood that a customer’s initial excitement about CloudKnox’s product wasn’t an accurate gauge of customer qualification, conversion probability, or ultimate success with the product. For a customer to buy and succeed with its product, CloudKnox needed to prove its value.

CloudKnox developed and strictly adhered to a set of PoV qualification criteria that helped the company optimize their decision-making, implementation processes, and equally important, resource allocation. CloudKnox’s sales leadership insisted that before their team began work on a potential PoV, the customer needed to demonstrate:

Allocated budget for a permissions management solution

  • Defined timeline to purchase
  • Economic buyer and all purchase-decision influencers were participating in the PoV and buying process
  • Willingness to make the time commitment to run a successful PoV

CloudKnox also created a PoV playbook which required the customer and CloudKnox to agree on specific PoV implementation details before CloudKnox would devote engineering and sales resources to the process. For example, before CloudKnox would move forward on a PoV implementation, CloudKnox’s sales leaders insisted that there was mutual agreement with the customer on:

  • Problem to be solved
  • Proof of value or how success would be measured
  • Financial commitment from customer if the PoV was successful
  • Project execution plan that included implementation details, functional requirements, project timeline, and responsible parties for all work

Finally, CloudKnox, trained its sales team to avoid common PoC traps that could end in a failed project or unsuccessful sales process. CloudKnox account executives learned to watch out for red flags that indicated that a prospect might not turn into a satisfied customer, such as:

  • “Happy ears” or the all-too-common problem of mistaking early customer enthusiasm for commitment to buy: The CloudKnox sales team knew to follow up on positive product feedback with probing questions to uncover the customer’s true buying intentions.
  • Reluctance to put, on paper, the time commitment to run the PoV or the procurement commitment once value was proven: When customers weren’t willing to commit internal resources to prove value, CloudKnox knew they weren’t likely to pay when it came time to purchase the full enterprise product.
  • Lack of clearly defined project objective or success metrics: When there was no mutually agreed upon project objective or success metric, the results were ambiguous and hard to communicate to colleagues. CloudKnox knew that prospects who couldn’t measure success were less likely to convert to real customer relationships.
  • Competitive PoCs: CloudKnox learned to avoid committing resources when the primary PoC qualification was the customer saying, “We’re doing a PoC with your biggest competitor.”
  • Unrealistic expectations: CloudKnox watched for any signs and indications that the customer would be unable to adhere to the PoV schedule or avoid project scope creep

In retrospect, CloudKnox’s Proof of Value playbook may sound like common sense. And to a great extent, that’s true. What was special about CloudKnox wasn’t its Proof of Value structure or strategy. It was that the company had the discipline to stick to a comprehensive PoV-based qualification process that eliminated low-quality leads even when it was struggling to gain attention and early market traction.

Ultimately, that’s where many enterprise security companies fail. It’s common for companies to sacrifice sales discipline for short-term “opportunities” with unqualified or lightly qualified prospects. In other words, they trade strategy and focus for “deals” that falsely fill the Salesforce funnel. Those deals may look good in the pipeline, but they’re really ugly at the end of the quarter when they don’t close.