What is trust on the internet?

What is trust on the internet?

Here at Conveyor, our purpose is to build trust on the internet. But what exactly do we mean when we assert that we want to build trust on the internet? While we aren’t in control of the internet’s technical implementation, we see untapped potential in the way businesses connect and communicate in the pursuit of building trustworthy relationships.

We are sharing information at an ever-increasing rate and there is no shortage of apps to connect two parties. And there are implications for both parties: the vendor and the customer. For the purposes of this post, we’ll focus on the plight of the vendor who is trying to build trust with their customer (if you’re a customer who wants to learn more about how to effectively manage your vendors and assess trustworthiness, check out this article which gives a great approach to “leveling up” vendor management).

There are some formidable challenges for companies when building trust with their customers:

  • Handling up to 100 security questionnaires per month
  • Answering non-standardized (oftentimes vague) questions about security
  • Bargaining with customers who want more than the security documents (such as SOC 2 and pen test summaries) that you worked hard to achieve
  • Taking 6-10 hours (sometimes more) just to complete one security questionnaire
  • Coordinating multiple departments that are involved in responding to security questionnaires
  • Creating a secure and scalable way to share evidence of trustworthiness with  customers in a centralized location

For most companies this process is ad hoc, inconsistent, and time consuming. Add to that the fact that the security questionnaire process usually doesn't happen until late in the sales cycle — when time is of the essence. It leads to a pressure-cooker situation where the go-to-market teams are putting significant pressure on the security team to complete the questionnaires, and the security team needs to shift focus from their work to address the urgency.

Imagine a place where all of this information is pre-populated and can be sent to prospective customers (securely) without dealing with wasted time emailing back and forth. That type of information sharing helps organizations build trust with their customers and prospective customers, and it’s how we see the future of doing business on the internet. (If you want to see how you can start sharing security docs with your customers, check out our free Rooms product).

More and more, organizations are spending hundreds of hours (and tens-of-thousands of dollars) pursuing compliance certifications like SOC 2, ISO 27001, PCI, and others in order to validate that their business operates in a trustworthy manner. But simply having those compliance certifications is not always enough to satisfy the security inquiries of the customer (or prospect) and close the deal. Questionnaire frameworks like CAIQ, SIG, and SIG lite were developed in an attempt to standardize the security questionnaire process between clients and vendors. Yet even with the existence of those templates, custom questionnaires persist. And depending on the types of data that will be shared and the access to critical systems, those custom questionnaires can be several hundred questions long.

In this guide, we'll discuss what are some of the critical activities that organizations can take (in addition to achieving compliance certifications) to build trust with their customers and prospects. Then we'll present ideas for how to share security posture early in the sales process to make more efficient use of your internal resources, reduce delays in the sales cycle, and turn your security posture into a competitive advantage.

Next Section