The bot ecosystem is maturing, and larger organizations are starting to adopt communication platforms that let bots take part in enterprise workflows. There is a growing opportunity for bot builders to move their user bases from early adopters to big enterprises. But the opportunity to capture big clients comes with complexity: From stringent policies and security requirements to longer procurement processes and larger scale workflows, there’s a lot to consider if you want to build truly enterprise-ready software.

At Slack, we’ve spent the past few years building Slack Enterprise Grid for enterprise-grade collaboration. In this article, I’ll share some things to consider if you want to build bots or apps for some of the world’s biggest companies.

1. Enterprises take their time, but it could be worth your time

Enterprises buy software in a different way than small or medium-sized companies. Enterprises have a longer sales cycle, during which the enterprise evaluates many aspects of your software and makes a decision about which software to buy. The decision to install one bot over another is usually made by an admin (or an app admin, as they are sometimes called) rather than any one person in the team. In many enterprises, only admins are allowed to install tools and services.

The upside is that once your software is bought, churn is naturally lower, as there is a smaller chance that it will be uninstalled. Moreover, in many cases, once a bot is installed, employees are instructed to use it, making adoption easier.

2. Security and policy are key for enterprise decision-makers

Security and compliance criteria are often key factors in the enterprise software procurement process. Admins may need to determine if your bot adheres to the enterprise security and policy standards (such as data storage and privacy policies). Don’t be surprised if your bot goes through penetration testing or other security evaluations! If possible, facilitate a way for enterprises to engage with you to coordinate these evaluations and tests.

As you develop, it is important to think about security at every step of the development process. Be mindful of common vulnerabilities, such as XSS, CSRF, and SQLi, when developing your web application. Follow the principle of least privilege: Do not request more authorization for your application than necessary. Most applications perform a limited set of actions, so it is best to limit the OAuth scope requested (which can mitigate the impact of a breach).
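One way to enforce the least-privilege advice above is a build-time check that compares the OAuth scopes your app requests with the scopes its API calls actually need. This is an added example, not code from Slack or from the original article; the method-to-scope map and the high-risk list are small hand-maintained assumptions that you should verify against the Slack API reference.

```python
# Hand-maintained map from Web API methods to the scope each one needs.
# Assumption of this example: check every entry against the API reference.
METHOD_SCOPES = {
    "chat.postMessage": {"chat:write"},
    "users.list": {"users:read"},
    "users.info": {"users:read"},
    "reactions.add": {"reactions:write"},
}

# Scopes that expose broad data and deserve a written justification
# (constructed list for illustration).
HIGH_RISK = {"channels:history", "groups:history", "im:history", "files:read", "admin"}


def audit_scopes(requested, methods_used):
    """Compare the scopes an app requests with the scopes its API calls need."""
    needed = set()
    for method in methods_used:
        needed |= METHOD_SCOPES.get(method, set())
    requested = set(requested)
    excess = requested - needed
    return {
        "needed": sorted(needed),
        "missing": sorted(needed - requested),
        "excess": sorted(excess),
        "excess_high_risk": sorted(excess & HIGH_RISK),
        # Methods the map does not cover cannot be audited; surface them.
        "unmapped_methods": sorted(m for m in methods_used if m not in METHOD_SCOPES),
    }


def passes(report):
    """Gate for CI: fail on any excess, missing or unauditable entry."""
    return not (report["excess"] or report["missing"] or report["unmapped_methods"])


if __name__ == "__main__":
    # Constructed manifest: a bot that only posts messages and looks up users.
    report = audit_scopes(
        ["chat:write", "users:read", "channels:history", "files:read"],
        ["chat.postMessage", "users.info"],
    )
    print(report, "PASS" if passes(report) else "FAIL")
```
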

It is highly recommended that you create a thoughtful privacy policy and stick by it. A common mistake we’ve seen is developers sharing their app token and keys with third-party services (often for tracking analytics) — this can make an enterprise worry that you might not be in full control of the data you are accessing.
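To keep tokens and keys out of third-party analytics, filter every event through an allowlist and a scrubber before it leaves your infrastructure. The sketch below is an added example, not code from Slack or from the original article; the field allowlist, the secret key names and the sample event are constructed assumptions.

```python
import re

# Slack tokens share an "xox" prefix followed by a type letter (xoxb-, xoxp-, ...).
SLACK_TOKEN = re.compile(r"xox[a-z]-[A-Za-z0-9-]+")
# Key names always treated as secret (assumed naming; adjust to your payloads).
SECRET_KEYS = {"token", "access_token", "client_secret", "signing_secret", "authorization"}
# Only these top-level fields may be forwarded (hypothetical allowlist).
ANALYTICS_FIELDS = {"event_type", "team_id", "timestamp", "meta"}
REDACTED = "[REDACTED]"


def scrub(value, key=None):
    """Recursively redact secret-named keys and token-shaped strings."""
    if key is not None and str(key).lower() in SECRET_KEYS:
        return REDACTED
    if isinstance(value, dict):
        return {k: scrub(v, k) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub(v) for v in value]
    if isinstance(value, str):
        return SLACK_TOKEN.sub(REDACTED, value)
    return value


def to_analytics(event):
    """Build the payload that is allowed to reach the analytics vendor."""
    allowed = {k: v for k, v in event.items() if k in ANALYTICS_FIELDS}
    return scrub(allowed)


# Constructed sample event; the token values are fake.
SAMPLE_EVENT = {
    "event_type": "command",
    "team_id": "T0EXAMPLE",
    "token": "xoxb-000-constructed",
    "text": "message body that must not leave your servers",
    "meta": {
        "authorization": "Bearer constructed",
        "debug": "called with xoxp-111-constructed ok",
        "retries": 2,
    },
}

if __name__ == "__main__":
    print(to_analytics(SAMPLE_EVENT))
```
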

The upside is that once you get it right with one big enterprise the others will not be so different. The hurdle of the first enterprise might be big, but it paves the road to the other large companies.

3. Scale, scale, scale

Everything in the enterprise is bigger. That’s why Enterprise Grid supports 500,000 users per organization and some of our clients have many thousands of Slack channels across their workspaces. These channels might be populated with thousands of users.

Remember that common patterns that work for small teams, like iterating over every user in a team, might take a very long time and may impact the usability of your bot. Make sure to test your bot with big datasets and high load. For example, you should be prepared to receive thousands of users when querying the user list, and you might want to queue your incoming messages so your servers don’t get overloaded.
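The two habits described above, reading the user list in pages and queueing incoming messages, can be sketched as follows. This is an added example, not code from Slack or from the original article; `fake_users_list` is a constructed stand-in that mimics the `members` and `response_metadata.next_cursor` fields of a paginated `users.list` response, and `BoundedInbox` is a hypothetical helper.

```python
import queue


def iter_users(fetch_page, limit=200):
    """Yield users one page at a time via cursor pagination; never holds the full list."""
    cursor = ""
    while True:
        page = fetch_page(cursor=cursor, limit=limit)
        yield from page["members"]
        cursor = page.get("response_metadata", {}).get("next_cursor", "")
        if not cursor:  # an empty cursor marks the last page
            return


class BoundedInbox:
    """Fixed-size buffer between the HTTP receiver and the workers."""

    def __init__(self, maxsize):
        self._q = queue.Queue(maxsize=maxsize)
        self.dropped = 0

    def offer(self, event):
        """Accept an event without blocking; False tells the caller to shed load."""
        try:
            self._q.put_nowait(event)
            return True
        except queue.Full:
            self.dropped += 1
            return False

    def drain(self, handler, batch):
        """Process up to `batch` queued events; returns how many were handled."""
        handled = 0
        while handled < batch:
            try:
                event = self._q.get_nowait()
            except queue.Empty:
                break
            handler(event)
            handled += 1
        return handled


def fake_users_list(total):
    """Constructed stand-in for a users.list call, returning the same response shape."""
    def fetch_page(cursor="", limit=200):
        start = int(cursor or 0)
        end = min(start + limit, total)
        return {"members": [{"id": f"U{i:05d}"} for i in range(start, end)],
                "response_metadata": {"next_cursor": str(end) if end < total else ""}}
    return fetch_page
```

Counting `dropped` gives you a load metric to alert on before the queue limit starts hurting users.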

Another aspect of large companies is that users tend to move within the enterprise. Bot builders should be prepared to onboard new users on an ongoing basis and be prepared to handle users leaving the team more often.

4. New use cases

With the launch of Slack Enterprise Grid, we are also able to support entities that must conform to the HIPAA and FINRA standards. This opens up a lot of new and interesting use cases for health care and finance. One of the developers in our launch told me that it was the most exciting announcement for bot builders in our launch, as these were use cases bot builders were previously prevented from addressing.

Remember that having Slack support the HIPAA and FINRA standards is not enough — if you plan to build a bot that addresses healthcare and finance use cases, your bot must adhere to the relevant standard in order to remain compliant.

5. Custom bots

There is a very interesting opportunity for system integrators and bot agencies to create custom bots specifically for enterprises. Most enterprises have complex internal systems with outdated user interfaces. Bots can make that pain go away by exposing these systems in the conversational interface and making these workflows a lot better.

Enterprises adopting communication platforms would benefit from internal integrations and will likely be willing to pay bot builders and system integrators to build custom bots and internal integrations.

6. The enterprise opportunity

Some of the biggest and most profitable companies have made their business selling software to enterprises. From Oracle to IBM and from Salesforce to SAP, many companies built their business securing big clients, nurturing the relationship with them, and reaping the rewards of large and recurring streams of revenue from these clients. These companies know that the investment in enterprise software is big, but once you get in, the upside can be enormous.

Bot builders today have the unique opportunity to provide value to enterprises and enjoy the reward of being first in this new industry.

Amir Shevat is head of developer relations at Slack.