Security Responsibilities Extend Across the Value Chain
As security professionals, it’s up to us to keep our organizations secure from both internal and external threats. As a part of those efforts we must carefully evaluate the security of tools and services we use from outside vendors.
At the end of the day, we want to know that our vendors care about security and will keep our data safe. We also need to provide that assurance to our counterparts at our customer organizations. Trust centers help us manage these responsibilities by providing a central location to display and review security practices and policies.
3 Benefits of Posting to My Company’s Trust Center
My team aims to support the business with everything we do, including helping our colleagues and making our company look good at all times. Our trust center makes this easier in several ways:
1. Builds Our Organization’s Reputation
Given the business we’re in, you may have guessed, but we’re serious about security at Anecdotes. We’re proud of our security posture and putting it on display signals that we have nothing to hide.
A trust center turns the security team’s efforts into a selling point. By demonstrating our commitment to security and building credibility with current and future customers, we prove that the security team isn’t just a cost center. We’re actively contributing to the company’s bottom line.
2. Saves Us From Being a Bottleneck
Speaking of the bottom line, everybody dreads the inevitable need to involve the security team in sales conversations to answer questions and questionnaires. When a seller needs my help, it breaks their rhythm, interrupts my day, and forces a prospective customer to wait for answers.
Our trust center puts the information prospects need in one easily accessible portal. Some details are public, and the Salesforce integration allows the sales team to automatically grant access to gated materials. This self-service approach reduces instances of slowing down the sales cycle or getting pulled away from core responsibilities.
3. Keeps Us on Our Toes
The trust center shines a spotlight on the work my team and I do. Let’s be honest; we all work a little harder when we know someone is watching.
Knowing that people inside and outside my organization can see a live page with our security controls is an added motivation to maintain high standards.
{{banner-image}}
3 Ways a Trust Center Helps Us Conduct Security Reviews
Security review is getting more complicated and critical as threats and regulations mount. Here are three ways a vendor’s trust center improves the process:
1. Backs Up the Vendor’s Security and Compliance Claims
Just a few years ago, SOC 2 was enough to seal the deal. Unfortunately, the growing use of SOC-in-a-box solutions has eroded the value of SOC 2. Some organizations still go through a deep SOC 2 process in good faith, but since others don’t, the burden is on reviewers to double-check the rigor of the SOC 2 report. Going through the report with a fine-toothed comb and asking follow-up questions can be a real drain on resources.
Trust centers provide an additional layer of transparency. They make it much easier to check out the details and tell who we can trust.
2. Lets Us Get Proactive About Security Review
A trust center helps us get a head start on vendor assessment. When I know that a colleague is thinking of engaging with a vendor, I can assess how much the organization invests in security based on its trust center. I don’t have to wait until we begin negotiations or conduct a security review to examine the organization’s security and compliance posture.
3. Supports Ongoing Monitoring
Security and compliance require constant vigilance. I don’t want to rely on information we gathered all the way back when we originally signed with a vendor—potentially years ago. When an organization has a trust center, we can check in on its security program at any time. That way, we can be sure a vendor maintains its standards, and I can keep my records current.
It’s Time to Raise the Bar for Transparency and Trust
The push for greater transparency in security practices is only intensifying. A collection of reports isn’t enough to build trust. And while regulations keep evolving to protect users’ personal data, expect to start seeing similar requirements for safeguarding customers’ organizational data as well.
Don’t be afraid of this trend. Take it as an opportunity to showcase your security team’s efforts. As your competitors aim to prove their commitment to security, a trust center can go a long way toward coming out on top. If your organization is an early adopter of trust centers, you’ll stand out as an industry leader who takes security seriously.
About the author
