Insights from SafeBase, Omdia, and DataStax on Building Scalable, Transparent Security Programs

In an enterprise world where software is bought and sold based on trust as much as technology, security leaders are reframing how they communicate risk—and value.

In a recent Omdia webinar, “Trust: The Strategic Differentiator in Modern Cybersecurity,” moderator Maxine Holt joined Al Yang (CEO, SafeBase by Drata) and Nic Chavez (CISO, DataStax) to explore how modern cybersecurity teams are transforming compliance-heavy burdens into trust-led business enablement.

‍

Why Trust Is More Than Just Good Security

“Organizational trust is built on competence, compliance, transparency, and integrity—working together, not in silos.”
— Maxine Holt, VP, Omdia

Omdia’s research defines organizational trust as a blend of:

• Competence: Operational strength and day-to-day resilience
  
  
• Compliance: Multi-jurisdictional regulatory readiness
  
  
• Transparency: Proactive, permissioned sharing of security posture
  
  
• Integrity: Proving controls through independent third parties
  
  

Holt stressed the importance of a top-down trust culture, warning that without leadership support, security teams remain reactive—and trust becomes harder to earn or maintain.

‍

SafeBase Customers Are Shifting from Reactive to Proactive

‍

‍

Across the board, SafeBase customers are rethinking how they engage with prospects and customers during the security review process. Gone are the days of waiting for a questionnaire to arrive, scrambling for documentation, and repeating the same answers across dozens—or even hundreds—of evaluations.

Instead, companies like OpenAI, Datadog, LinkedIn, and DataStax are leading the shift to proactive trust engineering, using SafeBase Trust Centers to communicate their security posture in real time, at scale.

Yang emphasized that this shift isn’t just operational—it’s cultural. It reflects a larger mindset change from reactive risk mitigation to intentional, business-aligned trust enablement. SafeBase customers are integrating transparency, accountability, and resilience directly into their product delivery and procurement cycles.

Instead of reactive, one-off responses, these companies are:

• Automating up to 80% of repetitive work like answering questionnaires and managing one-off NDAs
  
  
• Enabling secure, self-service access to tailored documentation based on who the customer is and where they are in the buying cycle
  
  
• Turning Trust Centers into strategic GTM assets—empowering sales, legal, and security to speak with one unified voice
  
  

And it’s not just helping with net-new prospects—it’s fundamentally changing how renewals are handled.

‍

Security’s Business Superpower: Enabling Renewals and Retention

‍

‍

Chavez described the cyclical nature of trust reviews in enterprise software: first during initial evaluation, and then again—often more rigorously—during renewals. For regulated customers, that means requalifying vendors every 12 or 24 months. That’s a huge burden if handled manually.

The problem? Security teams are spread thin. Many organizations are already operating at capacity, juggling incident response, compliance, project work, and product security. Requalifying existing customers—over and over again—pulls attention away from growth and transformation.

That’s where DataStax’s SafeBase Trust Center plays a critical role. It allows their team to:

• Deliver pre-approved, audit-ready security info to customers—before they even ask
  
  
• Align with the sales team on upcoming renewals and identify key security stakeholders proactively
  
  
• Free up security team bandwidth to focus on new product development and innovation
  
  

“On my best day,” Chavez shared, “I’m having one-on-one conversations with strategic customers about our security roadmap. I only get to do that because we’ve automated everything else.”

This proactive posture doesn’t just help retain customers—it builds deeper relationships, demonstrates long-term security maturity, and positions security as a true business partner.

Yang added: “Trust Centers aren’t just about information-sharing. They’re about telling the story of your security program—at scale—without overwhelming your team.”

‍

AI Is Already in the Audit

AI is no longer a hypothetical. Enterprises are demanding clarity on how vendors use, govern, and secure AI models.

“We’ve seen explosive demand for an AI-specific card in the Trust Center. Customers want a place to understand your AI governance at a glance.”
— Al Yang

SafeBase responded with a dedicated AI Trust Card, enabling organizations to detail:

• AI governance & monitoring
  
  
• Third-party AI vendor risk
  
  
• Responsible AI principles
  
  
• Model training and data use disclosures
  
  

This shift is already influencing audit frameworks and buyer expectations—especially in the EU.

‍

The Rise of the Chief Trust Officer

‍

‍

While the CISO has traditionally owned security controls, the Chief Trust Officer (CTrO) role is emerging as a business-facing function that combines security, transparency, legal, data ethics, and customer engagement.

Nic Chavez added that in some larger orgs, these trust roles often start with legal experts who evolve into more hybrid security roles. Others, like DataStax, structure security as three pillars:

• Customer Security (e.g. CISO-to-CISO relationships)
  
  
• Security Engineering
  
  
• Product Security
  
  

This model enables cross-functional alignment with sales, marketing, legal, and product—turning security from a cost center into a growth enabler.

‍

Metrics That Matter: Proving Security’s Business Value

“Security is a business function. You need to show how it supports revenue—not just prevents loss.”
— Al Yang, CEO, SafeBase

Security leaders today are being asked a new question from the C-suite: “How are you helping us grow?” And in response, the most forward-thinking CISOs are redefining how success is measured — not in incidents avoided, but in outcomes accelerated.

During the webinar, Al Yang emphasized the need to move beyond traditional risk-based metrics and start surfacing the operational and financial impact of trust. With modern security programs becoming increasingly customer-facing, the KPIs must reflect business enablement—not just backend performance.

“Security isn’t just about keeping bad things from happening,” Yang explained. “It’s about enabling customers to move faster, and enabling sales to close with confidence.”

SafeBase customers are increasingly reporting business-aligned metrics like:

• % of security reviews automated – Reducing manual workload and response time across the buyer journey
  
  
• Time-to-review completion – From initial request to access granted, tracking efficiency and responsiveness
  
  
• Influence on deal velocity – Showing how faster trust-building translates to faster sales cycles
  
  
• Renewal conversion rates – Proving how proactive trust impacts retention and reduces churn
  
  

Customer access & engagement with Trust Center materials – Measuring how often customers self-serve, what they access, and how it reduces friction

‍

‍

Chavez reinforced that boards and executive teams care deeply about customer trust, renewal predictability, and sales enablement—and security teams are increasingly responsible for contributing to those outcomes.

He shared how his own metrics now include whether security reviews become blockers in the sales pipeline and how effectively his team can support GTM cycles at scale. “If we can’t communicate our security posture in a way that closes deals,” he said, “we’re not doing our jobs.”

What’s more, both Yang and Chavez emphasized that Trust Centers are not just static dashboards—they’re dynamic storytelling platforms that reflect how security and trust are being operationalized across the business.

These metrics don’t just inform security strategy—they shape how security is perceived internally: not as a cost center, but as a strategic contributor to growth, retention, and customer experience.

‍

Takeaways for Security Leaders

1. Trust is a business driver—not just a defensive posture
   
   
2. AI is already under scrutiny—auditors and buyers alike are asking for clarity
   
   
3. Transparency doesn’t mean overexposure—it means structured, permissioned sharing
   
   
4. CISOs must operate cross-functionally, enabling product, sales, and CX
   
   
5. Trust Centers are the platform layer—not just a repository, but a GTM advantage

‍

‍

Watch the Full Webinar

See how SafeBase, DataStax, and Omdia are transforming cybersecurity trust into competitive value. Watch the on-demand webinar.

Download the Companion Report

Omdia’s full research includes frameworks, data, and action steps for building trust-led security programs. Download the report.

‍