Transparency is the key to building trust with your customers, especially when it comes to your security and risk posture. Not being forthright and honest from the beginning can slow deals down or even cause you to lose them outright.
When asked about the characteristics of best-in-class SaaS vendors on security, 70% of respondents in a McKinsey & Company survey cited transparency. That same study also found that more than 70% of respondents said uninformed or misleading claims about security capabilities were a cause of dissatisfaction.
Vendor security assessments are a good place to forge transparent relationships with your customers. They allow you to be upfront and straightforward about the security practices you have in place to ensure privacy and protect customer data. Having an issue with your security assessment is a surefire way to disqualify your business from consideration.
Security assessments don’t have to be a four-letter word
Some salespeople hate the security review process because they’ve had a bad experience in the past. Either they lost a deal because they weren’t ready when a security review was sprung on them last minute, or the deal pushed out way longer than expected. But that bad result likely came because of a lack of preparation.
If you’re selling into the middle to upper end of the market, you should plan to do a security review from the outset. Build it into the sales process. When you’re conducting discovery, identify what security needs they have and that will determine what your response should be.
Taking this proactive approach to vendor security will ensure you don’t have any surprises at the end of the sales cycle that could delay the deal. And as any good salesperson will tell you, “Time kills all sales.” Being transparent about your security posture should only serve to accelerate the sales process.
Read The Ultimate Guide to Vendor Risk Management
The current processes for managing and assessing vendor risk and security are manual and outdated—but it doesn’t have to be that way. We go over best practices to modernize your vendor risk assessment program to take it to the next level.
Tips for Transparent Vendor Security
There are many little things your business can do to show your customers that transparency about your security policies is a priority for your business. A few are highlighted below.
- Make your security profile public. Having a public profile posted on your website or in a directory like the Cloud Security Alliance’s STAR Registry or the Whistic Trust Catalog that your customers and prospects can access quickly and easily shows that you have nothing to hide. While there may be some details about your security posture that you’d prefer only to be made available through an NDA, a public profile is a good starting point and oftentimes will provide enough information to pass a security assessment without any extra work on your part.
- Share your security posture early in the sales process. Stop being reactive to security requests. Own the conversation and put the ball in the customer’s court by sending them detailed information about your security posture, including answers to standardized questionnaires and any audits or certification documentation you have. If the customer’s goal is to ensure their data will be protected, it shouldn’t matter if it doesn’t match their format exactly. Being transparent about your policies and procedures will make sure you’re starting your relationship on the right foot.
- Be responsive to questions and concerns. Once a prospect has reviewed your security profile or response to an assessment, they may have additional questions or need more clarity. Respond to these requests quickly with precise, thoughtful answers. Make sure everything you say can be backed up and doesn’t mislead the customer about what your security capabilities are.
- Partner closely with your security team. The best way to get those answers as quickly as possible is by partnering closely with your security team. They’re likely also responsible for evaluating vendors your business partners with as well, so they’ll know the type of information that will be most effective in resolving any concerns the customer may have.
- Actions speak louder than words. There is a lot of pressure for SaaS sales teams to close deals and close them fast but make sure they aren’t making promises your product can’t keep. It might help you win business in the short term but will hurt your reputation in the long term.
Being fully transparent with your customers can be hard, especially if there are current limitations in your solution’s security. But losing a deal or two is better than being responsible for a data breach in the future.
Build trust with Whistic
With Whistic Profile and the Whistic Trust Catalog, sales teams have the tools in place to build transparent relationships with their customers and prospects. Whistic makes it easy to share up-to-date security, privacy, and compliance documentation that is aligned with the industry’s most widely adopted standards.