1. Too much scrolling. Most of the people in these positions are in their late 40s, 50s and they are used to brochure-style pitches and just want to see some quick features on a single page probably. They are probably viewing this at work, not at home or even while commuting.

2. You need to emphasize compliance over the crypto standards - the compliance is what determines is "good enough" anyway for your crypto strength requirements and most execs don't care if you're using a more secure algorithm over another as long as it meets compliance and can be flexible enough to change in the future as requirements from a regulatory agency could change. Learn your acronyms to get attention from these folks (you have about 5 of the 30+ that Amazon Web Services is very informed about on their pages) - they won't care about a product unless they are confident that their vendor understands compliance very much. This is a huge reason for the shift by enterprise to AWS when people joked that it'd never pass enterprise muster - they started packing tons of alphabet soup and whitepapers along with reference customers at the right conferences. I might try to get a vendor partnership or something with someone to get a reputable logo namedropped onto that page or two specifically under compliance. The big win will be with an actual quote with a specific outcome from a reputable reference customer. That's hard in security space but perhaps a F1000 could work instead of a F500 / F100...

3. Cost doesn't matter generally when it comes to enterprise purchases because for most start-ups what they can charge is insane (but is a problem for people-centric tech vendors like old school software companies that are themselves very bloated and inefficient capital-wise), $1M is a rounding error for most F100 companies and POCs are paid maybe like, $100k for a few months or so maybe, which is easy to float most start-ups even with a regional account manager that commands a $600k / yr comp package. So don't bother with a pricing section, it'll go out the door in the middle of negotiations anyway.

4. Password management of endpoints is not mentioned and that's a huge reason that companies buy software like this, not for team / user passwords (the user penetration rate compared to shared sticky notes and tribal knowledge is pretty poor - trust me, I don't even do it and I just drop it in a private gist or something because just logging into a system is enough inconvenience).

5. No prominent "talk to a representative" kind of link. Most of these people want to talk to a human / sales person first (they want a throat to choke if things go wrong - they want a relationship, not a product / service), and they don't want to read a whitepaper probably either. Some rather technical folks will be interested, but the number of info security executives I've seen that are still technical to the degree they could understand a solid security paper in a F100 are countable on one hand from my experience.

From a more abstract level, it really doesn't sound the most friendly / human-centric of a pitch to me, it might as well be a set of bulletpoints. It doesn't look like a "here are your problems, here's how we'll solve them" narrative. Most successful enterprise and b2b pitches are based around demonstrating you have competency in solving the fundamental problem through using your product / service, not selling the technical product or anything at all. For example, Square had the problem where they were compliant, simple, and everything awesome after tons of feedback, but merchants didn't care. Then with some real-life reference users they broke through.

For a reference point of "quality," the Cyberark vault implementation in place where I'm now is horrifically bad - 8 character passwords rotated through maybe every day and passwords are locked when a user checks it out, and only administrators can break locks on "checked out" passwords. So it means single user mutual exclusion root access to a server. Supposedly we don't use anyone else because nobody else would bend to the really bad / insecure demands we asked, but I am no authority on the steps that led to such a poor system.

The enterprise security model is that every administrative access to systems must be gated somehow behind 2FA or a physical presence (ID badge swipe works). VPN counts perhaps, but then we're asked for 2FA again when accessing passwords. But even with this secrets store system most admins that are productive here don't use it because it's so restrictive UX-wise (it doesn't support ssh key access, for example). There's a separate effort going on for ssh key management that's being custom-developed with some partners, and that'll take so long it'll be 2017 probably before it's released.

Anyway, best of luck. Enterprise is a hard space to break into but once you're in you're basically in for life at this point even if your software is so bad that it directly causes the death of someone... unless a lawsuit is involved. Then you're out the door in less than a week. That's the only thing I've seen enterprise companies take swift action on that destroys start-up competencies - legal issues.