Interview #1: Building a Successful Security Platform with Trustpage

Updated: Aug 25



Chloe Mason: I'm Chloe, Partner Manager at Upstack and I'm currently heading the 404Partners network. We're the number one marketplace for startup and developer deals and we're also powered by Upstack. On our platform you'll be able to browse from a wide range of business solutions designed to build and scale your software product. Today on the 404Partners channel, I'm happy to invite both Mara, Head of Growth at Trustpage and their Head of Trust, Jay Lloyd. If you haven't heard of Trustpage before, then you're missing out!


Trustpage is a platform that helps companies communicate their security posture with prospects, customers and internal team members. Their platform exists to make the process of determining whether two companies can work together simple and easy - all of which speed up the sales cycle by helping to meet customer’s security requirements. Trustpage is also giving our community at 404Partners two months free on all plans. Just head onto our website to claim your deal as soon as possible.


I think it’s just so important to have a platform that teaches companies how to safeguard their data, especially where fraud and cybercrime can take place anywhere on the Internet. I’d like to start this discussion with my first question, which is, why is trust & transparency so important nowadays for B2B SaaS companies?


Jay Lloyd: Well Chloe, today cybercrime is a huge issue that we're dealing with today. It was projected that the cost of cybercrime is going to reach $6 trillion by the end of this year, and even go beyond 10 trillion by 2025. The reason why this is important is that all companies today are software and data companies. We're talking from large tech companies such as Salesforce to the hair salon that has your personal data... so it's getting increasingly easier for cyber criminals to steal data. It's important that companies are doing what they can, and have a responsibility to their customers to keep their data safe. What that means is that a large company may be able to recover from a reputational damage or from the costs of fines for any data breaches, but for small to medium businesses, it could be a crippling blow if they aren't taking security seriously. What we're starting to see is a shift culturally in how companies are starting to think about how they built their software, and who they decide to partner with. We're starting to see that not only companies are more selective about who they hire as vendors and share their data with, but they're also thinking differently about how they select data from users and whether they need their address for example. Thirdly, they are thinking about how to keep their employees educated and ensure that they are keeping customers data safe to protect them against cyber criminals.


Chloe: You also speak about a trust-led growth approach on your blog, what does it mean for you to lead with trust?


Mara Willemin: Thank you so much Chloe for having us. As we talk about the importance of needing to demonstrate trust to our customers, it really comes down to the fact that all companies have some aspect of their customer journey that includes demonstrating that trust. It could be that in your sales cycle, if you're going through a formal InfoSec review with your prospects before they decide to work with you, as Jay was mentioning, it could be that you're providing updates to your customers with some aspect of your information security, or when privacy and compliance policies change, or if you're an enterprise customer, they sometimes want to go through audits on a yearly basis to ensure that nothing has changed.


Traditionally the way that we demonstrate this has been messy, complex and outdated. Usually it's a massive hurdle that's either late stage in the sales cycle after you've already aligned on the business and technical components, or it's a manual process that involves a lot of resources from your technical team. Usually that's not only done in spreadsheets and back-and-forth emails, but we also have customers who want to self-serve and self-adopt for a lot of products too. This is why we see rise in things like product-led growth. It's a challenge though when somebody gets into your platform they want to engage, they want to adopt, and they want to get to that aha moment as quickly as possible, but there's some aspect of security they have to go through which inevitably pushes them through all the way up into this top down sales approach, which we're trying to avoid.


What we learned in our last company is that when we scale into the enterprise level, we work to make sure that we lead with trust early and often in the sales cycle, we could actually make it easy for people to adopt our product. Basically what that looked like is educating our buyers and providing as much information as we could upfront, teaching and coaching them on how to get internal buy-in from their companies and organizations, but especially from a true product-led growth standpoint. By having that trust and building that customer confidence unlocks the ability for somebody to truly adopt your product from a product-led standpoint.


Our notion of trust-led growth is how can you demonstrate that trust early and often, can you provide customers with the information they need to know, can you make it easy for them to engage with sensitive documentation or information? (So you don't want to put everything publicly) - and can you make it really simple for them to complete questionnaires or reviews on their own without needing you to go through repetitive work to make that happen in a manual capacity?


Chloe: Could you also help us understand what you mean by a trust center and how it can be defined?


Jay: A trust center as I like to describe it, is a pathway to building trust. Trust is something that isn't created overnight or out of thin air. It's much like a nutrition label that shows all the different ingredients that a company puts it into their security program. By having a trust center, prospective customers easily see what a customer is doing to protect their data. While many companies have built what we call DIY trust centers, they are very much static websites where the information is listed there, but if you have any questions and need more information, it's still difficult to try and find it.


Our product makes the trust center a more collaborative hub where your customers and software vendors can communicate on those ingredients in the product and resolve any questions to build trust. This allows companies to gate some of the information behind NDAs and streamline that process such that it's not just a process of exchanging spreadsheets and send emails back-and-forth, where things get either lost or messy... or so also insecure passing that information through email like that.


Chloe: Is there anything else that a trust center does to build trust with its prospects and customers?


Mara: The more information that you provide upfront, again with a fine balance of what feels right for you as an organization by way of what can be public, and what needs to be sensitive and reserved. Of course there's always that balance there, but the more information you provide upfront, the less questions you're actually going to get from your prospects in that sales cycle.


Jay and I actually worked on this together I would say from the Trustpage team, I am continuously humbled by their intelligence as we've got a lot of experts on security. Our CEO and founder was the previous CTO at our last organization, who was handling this alongside Jay, who was our then Head of Engineering, now Head of Trust, and myself who is owning all of the enterprise deals function. We really tackled this problem head-on before, and so now what we see is companies that are using our product, we provide that process of turning security less from a hurdle at the end of the sales cycle really into a differentiation.


While that looks like providing that information upfront, it can also be a dynamic place beyond - sometimes I'll even see help center articles that companies will put up about security, which again is a great first start, but like Jay mentioned it lacks that dynamic - so what Trustpage enable is include an interactive way with your customer so they can deepen collaboration with you. So if I'm going through that process, I've determined the overview looks great and you feel good about how your policy is structured - but you still have some more questions I might want to request from an organization their infosec docs or maybe SOC 2 report. A trust center enables that collaboration.


You can directly go to the trust center, request that document, and then it deepens the collaboration from the sales team. So what has traditionally been a very black box: you usually send out your docs via email, you hope they get to the right security person that you're not talking to, and you have no idea what happened thereafter - so you're just bugging a bunch of people to see what's going on. Now, what happens is that anytime your customer requests that documentation, we actually directly integrate with salesforce, HubSpot and Slack, so the sales person or the security team, whoever is owning that, gets the request that your customer is requesting access to that documentation - they can choose to sign off on NDAs to make sure it's a secure exchange and then now there's visibility into who's actually accessing your documentation, when they're viewing that doc.


The other thing I would say too, which is what we haven't really discussed as the final piece to how companies are using trust center, is a lot of other things, for internal teams it's really important that sales is getting this right, there are real legal ramifications for not properly communicating this. It's usually always a pain point for the sales team on how do we make sure that sales is probably talking about it. Therefore a lot of teams shy away from it. Our take is how you want to offense and enable your sales team to be able to effectively and really most importantly adequately answer these questions in a secure way. The sales team has now an entire database they can go to and get their questions answered, dynamically updating based on their content they're having.


Chloe: I see... you mentioned that Trustpage integrates easily with Salesforce and makes it easier for Sales teams - is Trustpage also tailored to developers, engineers etc.?


Jay: While a trust center allows a software vendor to collaborate with customers, it also allows an internal collaboration as well. As you think about the nutrition label, you start to look through those different ingredients and you may say, hey I see that we have high fructose corn syrup in the mix and I want to get rid of that... that's an opportunity where you may need to collaborate with the developer and security information team to figure out how you might go about resolving that. The other thing that's nice about a dynamic trust center is that those are things that you can put on your roadmap and communicate to your customers. We're working towards improving in these areas, which goes towards building trust. While you have that collaboration with your customers, you can also get that collaboration with your security team, and making sure that you know you're building the strongest program possible.


Mara: The only other thing I'd add there too is, that usually the technical folks on your team are spending all of their time and energy, and want to spend their time and energy on actually building the security policy and posture. What they don't usually wanna do is spend their time being pulled in to defend or communicate, or have to demonstrate what that is - that's a lot of time in energy that pulls them away from actually to be able to be heads down on continuing to build the product and build those policies and postures.


So if there's a way in with the trust center where the technical teams can communicate that and enable sales and customers to effectively understand what that is, it gives them time back as well. We talked to a company the other day and they have a DIY page on their website and he was saying this is a great start but again, like Jay mentioned, we're still getting all these questions - and also he had to go back and update my marketing team on a monthly basis and give them stats on some changes we made and now I have to go communicate with legal to build out all of these communication and email cadences to let our customers know what's updated.


What's exciting for security too is that they now can own this information in their hands and they don't have to involve other team members in order to clearly communicate that.


Chloe: I see. So it's a really huge timesaver and also creates efficiency right instead of going back-and-forth. My final question is we're just gonna wrap up this interview. I see so many products on the Internet that claim to protect users from fraud and safeguard data, why should companies choose to use Trustpage to communicate and collaborate their security on their security posture and policies.


Jay: Ultimately what it boils down to is transparency. It's something that we talk about often in the trust journey, it's being transparent about what it is you're doing. So whether or not you have the proper security protocols when you're storing data, transmitting data, what data you're storing, are you ensuring that your employees are enabling enough multi factor authentication so that when they log into different accounts, it's not subject to breach and exposure. So by being upfront with that, it gives customers more confidence and showing them that you're not shying away from that conversation, and you're proud of the security program that you're building and that you continue to evolve that program to keep everyone's data safe. So transparency goes a long way...


We also talked about trust-led buying, which is where you start to look for shop for software vendors that security and their posture is one of the things you look for upfront instead of going through this this long process, and then finding out at the end that they don't measure up to your requirements. Now you can have potential customers coming to your website and seeing that this company is taking security seriously so they're someone I want to engage with from a buyer's perspective it could be a huge differentiator in terms of who you decide to evaluate and become a customer of those vendors.


Mara: The last thing I would add onto that as well is that there are some other companies that talk about doing security or RPs or reviews in an automated way, and what we've heard is that they're not laser focused on a specific company nor tailored to the organization... So I think, as a selfish plug, what's really cool about the way we built the product is that it's designed to understand each company and each company's natural language of trust and security - what are the ways that you uniquely answer something and you talk about something so that we can provide you suggestions so that when you upload a questionnaire for example that you completed with a customer, and it has different language or different messaging - we're going to provide suggestions and updates to your trust centre to ensure that everything is up-to-date and relevant. We ensure that you're using all of the language that you've already used in your trust centre to really help you answer that question.


Not only from the transparency perspective on why it matters at large - I think the platform itself is built in a highly sophisticated way that's tailored to each team.

46 views0 comments

BLOG