Chief Trust Officer: Building Relationships on Trust
When Informatica talks about trust, we’re usually framing it around trusted data. It’s a core element of an enterprise data platfor: Can you trust that the data is accurate, timely, etc.?
But then there’s security: Can you trust that your data is secure? In the cloud, on premises, regardless of application, at rest and in transit — is your data safe?
It’s a question that our customers are asking with every step in their data-driven digital transformation. And it’s a question we’ve worked hard to answer. Our evolving focus on trust and security has affected how we design our solutions, how we work together internally, and how we talk to our customers.
Building trustworthy products
A cornerstone of building trustworthy products and solutions is our chief trust officer, Bill Burns. Originally in the IT group as our our chief information security officer (CISO), he’s now in the Research & Development group; the team that builds all our products. That key shift has been vital to driving a transformative and integrated approach to how we focus on security.
At our customer conference, Informatica World 2017, Chief Products Officer Amit Walia said that “security is a design principle” for our cloud products. This is consistent with the industry direction of “baking security in” to products from the beginning rather than “bolting it on” at the last minute. Our perspective is that security should follow the data around — whether that data is moving across an on-premises, cloud, or hybrid infrastructure. That’s intelligent security, and it needs to be present in our products as well as within our own data infrastructure.
Bill’s role lets him drive those changes, developing relationships and best practices with our developers and product managers, while also being in conversation with IT leadership and our customers about core issues.
At a Reston, Va., CIO Perspectives event, he told the audience he’s trying to shift the security conversation left, to the beginning of the process, to give developers the best tools, metrics, and more to protect customer data: “I’m trying to find the right training to give developers—that says, ‘You shouldn’t even design this code this way. This is how to write secure code that won’t get broken into.’”
(Hear Bill Burns’ full talk, “IDG CIO Perspectives: Secure cloud migration,” here.)
Building internal trust
In our internal discussions, “security” is not the sole realm of the CISO. The concepts of trust, reliability, and security figure into every aspect of our business. Trust affects how you secure your IT infrastructure, how you build your products, and how you work with customers and their sensitive data. Every leader in your business needs to understand the importance of data trustworthiness and security. This is one team that everyone is a part of.
For example, Bill and I meet every week to keep each other informed on our priorities, strategy and what we’re hearing from customers. I cannot overemphasize the importance of cross-functional conversations about risk management, business trends, and customer feedback. Each person who comes in contact with a customer holds a piece of the total “customer puzzle”—a puzzle that directly contributes to success, and no one person or function can put together.
Building external trust
As enterprises get more sophisticated about IT security, they realize two things: First, that it’s the security of your data that matters most, and second, that your data is spread out all over the place. Our advice to our customers is to focus on values that we do our best to live up to: vendor transparency, key industry standards, due diligence, and ruthless execution of the basics.
For example, we increasingly see our customers outsourcing security functions and expanding vendor relationships so that they can focus on their core business. But to trust those outside agents, they need transparency. We’ve seen a massive uptake in the use of increasingly complex assessment questionnaires, often from third-party auditors. In response to this growing desire for transparency and an understanding of how Informatica would build trust with our customers, we’ve created a Trust Center that makes it easier for our customers to understand and trust our approach to security.
The trust challenge
It’s a familiar refrain from customers across every technical topic: “I’m not even sure which questions to ask.” The solution to that? Increase trust and transparency in your own organization, and to expect your vendors to do the same.
We have found that embedding a CISO-quality trust officer into our product organization has improved both how we work on security issues and how we communicate about those issues to our customers.
My advice to enterprises is to ask your vendors, “What are you doing to truly create a trustworthy enterprise,” and then to challenge your own organization with the same question.