Beyond security: The importance of vendor trust and data protection
If 2020 taught us anything, it’s that moving to the cloud can deliver the resiliency, flexibility and cost controls businesses need to survive, and thrive. Unfortunately, though, it also increases the risk of data breaches and cyber attacks.
To learn how organisations are dealing with the security challenges brought on by the move to cloud, DocuSign’s Chief Trust & Security Officer Emily Heath recently hosted a webinar on the thorny topic of trust. She spoke to three absolute experts in this field: Ben King, Regional Chief Security Officer, Okta; Angela Donohoe, CIO, BPAY Group; and Mark Johnston, Head of Security, Google Cloud APAC.
Together, our guests explored some of the big questions facing businesses today. Can you trust the digital platforms and products you use? How do you know that your sensitive data will be protected? Are you sure your vendors have your best interests at heart?
If you missed the webinar, we’ve summarised the key take-outs below. Or, you can catch it on-demand now. It’s a compelling watch, trust us.
First, why does trust matter?
To kick things off, Emily asked our three highly experienced guests what trust means to them. Ben jumped in first. “Trust is the single biggest differentiator in a remote, post-COVID economy where consumption patterns have shifted so much back to online. It’s about confidence and capabilities – confidence the third party will do the right thing, and knowing they have the competence to carry out what they say they will.”
Angela looked at what trust means from BPAY’s perspective. “From a business point of view, trust is intrinsic to our corporate reputation. We process over 3 million transactions a day, worth $3 billion. It’s essential that those organisations that offer our services feel they can trust us, and that their customers can trust their payments will get where they need to go in a secure way. Trust is fundamental to our business proposition.”
For Mark, trust and transparency go hand-in-hand. “We need to be able to give the assurity of trust. It’s important to be able to trust, but verify. Third party independent audits are a good place to start, but transparency is still key. Transparency around how we look at third-party vendor risk, how we access information, and how we provide real-time visibility and control.”
So, how do organisations build mutually trusted partnerships?
When it comes to partnering with technology vendors, trust is a fundamental ingredient. At Okta, a global leader in the delivery of identity and access management solutions, recent hypergrowth has meant greater scrutiny around its vendor ecosystem.
As Ben explained, “As security professionals, we’ve got our work cut out for us – to secure ourselves, our data, our people, our customers’ data, and the millions of people who use our service every day. We’re mutually dependent on our suppliers, and we need to be open and honest about how we work together to strengthen our mutual ecosystem.”
At BPAY Group, which is a wholesaler to large enterprise customers, vendor security is paramount. A recent shift away from on-premise data centres to a hybrid cloud strategy has provided a great opportunity to enhance vendor relationships.
“Our hybrid cloud strategy is great for flexibility and efficiency … but we now have issues around knowing where our data is, and understanding the practices of our suppliers to make sure they adhere to our own policies and practices. We also need to share these with our customers, who generally have onerous regulations and standards that need to be met,” said Angela.
Openness, transparency and true partnerships are key when choosing technology partners you can trust. As Mark said, “We know trust comes from transparency, but not just on commercial contractual terms. Can you give me a real-time log of actual actions on my data? This shouldn’t just be aspirational. We should continue to build technology controls that provide continuous visibility and assurity in our supply chain.”
What can you do, right now, to boost security?
The good news, for small to medium businesses that might not be able to afford whiz-bang security experts, is that security resources are readily available. Mark explained, “Google has significant security resources built into its solutions. All organisations get the same level of security – you don’t need a team of security professionals to access our assurances and controls. It means you can focus on your business outcomes, and outsource the security responsibility to those who are good at it.”
You can also continue to educate your employees about the importance of security. As Angela said, “Keep security front of mind, and find relatable ways to have conversations. Educate at home and in the workplace, but find relatable ways to do it to overcome the fear.”
And, continue to focus on trust. Make trust tangible and real. Build trust with customers. Google’s approach is a good one to end on. “We believe in the trust paradox – we want you to trust us more by trusting us less. This means you’re in more control, with the ability to hide your information from us using technology controls you own, like ubiquitous data encryption and confidential computing.”