dbt Labs is a software company whose product, dbt Cloud, is a transformation tool that allows SQL users to engineer data transformation. The company is focused on making data transformation reliable, fast, and providing analytics to the entire organization. Users of dbt Cloud plug the software into the data warehouse to process data and turn it into datasets that can be used for Machine learning, BI tools, and/or operational analytics. Because the information the product touches could be as benign as time spent on page to much more sensitive data like customer contact information, pipeline numbers, etc, the security scrutiny of a potential customer varies greatly.
When Randy Hanooman, Director of IT & Security, joined dbt Labs in September of 2020, the company was just under 50 employees. They were selling to small and medium sized businesses, and working towards their SOC 2 Type II compliance to move upmarket into the Enterprise space. The company was growing quickly, both in terms of customers and employees, and Randy found that the number of customer security reviews was increasing steadily month over month.
On average, the security team would receive anywhere from 10-20 customer security questionnaires per month (sometimes more), with each questionnaire taking between 1-3 hours to complete. The security team was lean and this was no trivial amount of time to spend responding to ad-hoc requests, but it was important for them to build trust with their customers.
In December of 2020, dbt Labs received their SOC 2 Type II certification. This was a significant achievement, and helped unlock several Enterprise deals that called for a SOC 2 certification. Achieving the certification was only the first step: sharing the SOC 2 added manual work when responding to customer requests. Each time, the team had to get an NDA signed by the prospect, watermark the document, and then send via email.
It wasn’t long before Randy decided he needed a better way to respond to security reviews, and specifically to protect & control access to the security documents. SOC 2 reports, penetration tests, and other security artifacts contain highly sensitive information, so from a security perspective it made sense to manage access and ensure that NDA and other protective measures were in place.
Randy was looking for a simple solution to securely share security documentation with prospects, and to simplify the process for dbt Labs’ sales team. His search for a solution started like most: a series of Google searches. He evaluated a few products, but when a former colleague mentioned Conveyor Rooms (called Aptible Rooms, at the time), Randy decided it ticked all the boxes.
He liked the fact that Conveyor Rooms came with NDA gating and document watermarking out-of-the-box. The ability to share a link to the dbt Labs Room with the sales team, and approve access requests from the prospects, was also a key feature that helped keep access secure. Randy wanted something that was simple to implement and easy to get started. Rooms was the answer to dbt Labs’ needs.
Since implementing Conveyor Rooms in early 2021, Randy has seen a decrease in the amount of time the security team spends responding to customer security requests. In some instances, sharing the security documentation (SOC 2 report, penetration tests, etc) early in the sales cycle is enough to satisfy the requirements of the prospect and the team can avoid a questionnaire altogether. The team is also spending less time managing the back-and-forth of NDA signatures and document watermarking, which has significantly cut down on the time the security team spends on manual work.
The sales team have also seen benefits with the new process. All it took was a quick Notion page to “train” everyone on how to share a link to the dbt Room, and now sharing security documentation is simple, fast, and helps them build trust proactively.
“If Rooms went away it would cause a big hiccup in the sales process. They really love it, it’s so easy and upfront.”
In addition to the time savings that the dbt Labs team has realized, Randy has also been able to measure, in business terms, the value that the security team has brought to the organization. Through the partnership with Conveyor, Randy receives quarterly reporting that ties Rooms activity to pipeline and revenue. Larger deals close at least 5 days faster when the customer accesses their Room, and new customers are 3 times more likely to close when the customer accesses security documentation via the Room.
dbt Labs has experienced significant growth over the past 14 months since Randy Hanooman came onboard. The company has grown from 58 employees to 160+, they’ve onboarded many new customers, expanded into the Enterprise market, and are currently undergoing audits for their ISO 27001 and 27701 certifications as their security posture evolves. The Security and IT teams are growing; it is important to their Leadership to devote more resources to those areas.
As dbt Labs moves into the next year, Customer Trust remains at the forefront of building their customer base, and Conveyor Rooms remains a key part of their strategy for building that trust. We can’t wait to see what 2022 holds for them.
Want to claim your free Conveyor Room and start to see how you can spend less time responding to customer security reviews? Click below to sign up for free!
“As a security practitioner, it's always hard to show the value of security from a numbers and value perspective as it relates to revenue. Having the numbers we have now, it's been a great start to correlating the team's efforts to won revenue.”
Randy Hanooman, Director of IT & Security