back to Jitbit Blog home About this blog

What selling to Enterprises REALLY looks like

by Alex Yumashev · Updated Apr 12 2021

BIGTECH: Hello, we would like to buy an on-premise version of your software.

ME: Oh! Cool, here is the payment link

BIGTECH: Uhm... Nah. Can't do that. We want this to be harder. More complicated. Draft a "proforma invoice". We will create a purchase order. Then we approve. Then you send us your W9 form. Then we will perform an audit...

ME: Whoa, hold on a sec...

(googling "proforma invoice", "purchase order")

BIGTECH (in two days): Well, what is it?

ME: (damn, forgot about them) So, guys, here's another link, you can buy via this "purchase order" thing in just two clicks. The invoice will be auto-generated. Pay by wire transfer, check, whatever.

BIGTECH: Just a second...

BIGTECH (totally different employee): Hello, we would like to buy an on-premise version of your software.

ME: (oh ffs) Cool, here's your link... Again.

BIGTECH: We still need W9 and W8-Ben, and also... We need to perform a SECURITY AUDIT of your product. This is a very important SECURITY AUDIT.

ME: sure, here's the endpoint URL, run whatever scans you want.

BIGTECH: Uhm... Nah. Can't do that. We want this to be harder. More complicated. Here's a link to our internal Supplier Communication System. Register an account in it and fill out a questionnaire like this.

ME (looking at a 18 pages questionnaire): ...

MY COFOUNDER (in Slack): Ahahaha, I've already filled that shit out.

ME (in Slack): Huh? What do you mean "already filled"?

COFOUNDER (in Slack): dude, they've bought this product like two times already.

ME: dear Bigtech, why the fu... You are already a client of ours! And we already filled this form, here is the email "Michael-From-Another-Department (at) bigtech", please double check.

BIGTECH goes silent, processing this incredible information

BIGTECH (a week later): OK, that was a slightly different questionnaire. And frankly we can't really find Michael anywhere. Anyway, here's the form and...

ME: (inaudible)

BIGTECH: ...then register an account in the Supplier Communication System, then install our Certified 2FA Generator on your phone...

ME: Certified what? Can't I just use Google Authenti...

BIGTECH: NO YOU CAN'T USE ANYTHING FROM GOOGLE!!!!111


Act 2


ME (after a week): I filled everything in.

BIGTECH: But you put dashes in some of the fields

ME: Sorry (not really).

BIGTECH: Okay, forget it. Let Us Begin The Security Audit! The results will be published in the Supplier Communica...

ME: yes yes, got it

BIGTECH (a week later): We have completed THE SECURITY AUDIT. We identified A VULNERABILITY that needs to be fixed, provide the deadline for the fix, sign the commitment, then provide screenshots that everything has been fixed, then...

ME: wait, vulnerability, what vulnerability?

BIGTECH: The vulnerability is very, very serious one. Just a second, where is our tester dude...

DINESH (pentester): They don't have the "X-Frame-Options" header.

BIGTECH: yeah, right, you don't have that... whatever... "header"...

COFOUNDER (in Slack): OMFG KILL ME...

ME: you're buying the on-premise version, so we intentionally removed it, please configure it as per [instructions]. Again, this was intentional, because on-prem clients (like you!) use our software in very weird ways, including inside an iframe

DINESH (pentester): My dudes, totally makes sense. But this stupid testing suite they make me use...

BIGTECH: whoa whoa, wtf Dinesh! Also, who said you can communicate over email? Please post your answer in the SUPPLIER SYST...

ME (in the Supplier System): Unfortunately, the pricing plan you picked does not include custom legal support, here is a link to the "Uber-Mega-Enterprise" plan for $100k per second, thank you.

This is a true story. Names have been changed to protect... ourselves. Also unfortunately, I made up that last sentence, I'm not that brave.