Asana is a company with a bold mission: to help humanity thrive by enabling the world’s teams to work together effortlessly. The company’s 1,782¹ employees know that when an entire organization is aligned and collaborating to solve problems, they’re well-positioned to achieve the company’s goals.
Solving problems and working on tasks together at scale requires a certain level of trust: trust that the team is supporting one another and trust that the data and information involved is secure. That’s why at Asana, data security is a top priority for all internal teams.
“We truly believe that our product, our features, and the value of our product, are beneficial for all organizations, but especially large-scale organizations. Executives set strategy, the mission of the organization in Asana, and it trickles down,” said Monica Smith, Head of Security Risk and Compliance at Asana. “Our product allows every person at the organization, no matter what level you are, no matter what team you’re on, to collaborate with each other, but even more importantly, tie the work that you’re doing day-to-day to the organizational strategy and goals.”
To that end, Asana has built an industry-leading security posture that the revenue team leverages to win deals. It is the Revenue team’s role, in partnership with the Security Risk and Compliance team, to ensure that prospects and customers are aware of and deeply understand the company’s commitment to security.
“As we partner more closely with enterprise organizations, security plays a direct role in helping close deals and helping maintain relationships,” said Monica. “A lot of orgs will have security requirements as part of their due diligence and will require us to do a security audit... The pace at which that’s moving requires us to think intelligently about how we’re going to scale our security program with the limited number of resources that we have.”
Historically, communicating that foundation of security was a tedious and time-consuming effort. Prospective customers would regularly send lengthy custom questionnaires to be completed by the Security Risk team, often at the very end of the deal cycle, delaying the signing of contracts. The Sales team consistently felt the pain of cobbling together critical security information, an exercise that could hold up a deal being signed or otherwise diminish the buying experience.
Meanwhile, the Security Risk team felt the burden of responding to ad hoc questions and an onslaught of questionnaires, taking them away from more strategic projects and conversations with customers.
Jaime Coleman, head of the company’s mission-driven Non-Profit and Education arm, described the challenges of the former security review process for her Sales team: “Previously you had to patch together the information you needed… We used to Slack a channel with 500 people on it, pinging various members of the security organization, combing through guides and searching for things. There must have been between five and ten channels people used to navigate [to get answers].”
To proactively demonstrate Asana’s commitment to safeguarding customer data, the Sales and Security Risk teams aimed to bring security to the beginning of the sales conversation. This approach also helps minimize last-minute security review requests and reduces the likelihood that a deal will be blocked due to a security review.
“In many cases, security is the most important feature,” said Security Technical Program Manager Brian Tobin. “It often comes up right at the end in the contract phase, when you’re trying to close the deal. That’s not the time to be talking about the most critical feature of your product — it’s at the very beginning.”
Asana’s Security Risk team turned to SafeBase to help them proactively demonstrate their commitment to security and create a frictionless process for sharing critical security artifacts with customers. With its SafeBase Trust Center, the team showcases all of its security philosophy, documentation, and artifacts in an organized, interactive space. The Trust Center facilitates a seamless NDA approval process, minimizing back-and-forth interactions among Sales, prospective buyers, and the Security team.
“In order for our customers to believe in our philosophy, they have to believe that our product is really safe. Trust is critical to that,” said Brian. “They know that if they put their data into Asana, Asana will take efforts to safeguard it to the highest degree and will be used in the way they intend it to be used. That’s where a Trust Center comes in. This is the way that, as a Sales team, we can show how we’ve earned their trust — they can always see that we’re meeting their security and privacy commitments to them.”
The Trust Center is integrated with Salesforce, and can be shared with prospects and customers via a simple magic link — no logging in required. The company’s security leaders characterize SafeBase as a “zero-friction program,” referencing the vastly improved experience for buyers, as well as the Sales and Security Risk teams.
“It’s important to have something public and easy to use,” said Sean Cassidy, Asana’s Head of Security. “It can’t be gated or require a signup. It needed to put our security program front and center. It’s a balance of ‘Here’s our great security program, we’re going to brag about it,’ and ‘Here’s a giant list of things we’ve done.’ You should have an overwhelming sense of, ‘They’ve got this.’”
Since implementation, the Trust Center has become an integral part of the way Sales partners with prospects and customers. According to Sean, “SafeBase is the most important first starting point [when looking at security’s impact],” said Sean. “It sets the tone.”
“We train sales on how to use and talk about the Trust Center. We tell our sales teams: If your customers haven’t already asked about security, they will probably ask about it,” said Monica. “You can get ahead of this and reduce potential future friction due to a security questionnaire — you should let them know early on in the sales cycle that we have this Trust Center.”
Via the integration with Salesforce, the security review process is now a part of the Sales team’s regular workflow. Salespeople can provide access to the Trust Center in just one click, reducing complexity and increasing seller control and insight.
“The integration with Salesforce is really key for us. Our goal was to minimize the friction for our customers — and us — to give our customers confidence in Asana,” said Brian. “Minimizing the friction meant letting customers request content freely, so sales just has to talk about it, and the customers can pick and choose what they want.”
The implementation of the SafeBase Trust Center has been transformational for the company’s ability to lead with security. With an increasing number of deals interacting with the Trust Center, the Security Risk team can be confident that their work is impacting the company’s bottom line.
The Trust Center goes a long way to save time and resources during the sales cycle. With SafeBase, Salespeople and the Security Risk team alike are freed from the traditional burdens of distributing sensitive security documentation and laboriously compiling together security information from various sources.
“It’s infinitely more efficient having a program like SafeBase,” said Brian. “The sales team is no longer the gatekeeper. Now your salespeople can focus on selling — on selling security — and not gatekeeping content. That’s a great ROI: we save Sales time.”
Meanwhile, the Trust Center mitigates the need for the typical onslaught of custom questionnaires, allowing the Security Risk team to focus only on the highest-value conversations.
Said Brian, “From our side, questionnaires are a pretty time-intensive and costly thing to do. When you have 150,000 companies using Asana, we can’t physically complete questionnaires for everyone. A zero-friction, more open program helps us amplify our commitment to security and privacy. But it also allows us to keep up with the immense demand from our large and small customers.”
The use of SafeBase is driving a higher-quality buyer experience, making good on the company’s mission to support growing organizations and help their people thrive. That improved experience translates into shorter deal cycles and more confident customer relationships.
We’ve received a number of messages from Sales, solutions engineering, and even customers who say ‘This is the best thing ever, thank you for making our lives so much easier,’” said Monica. “Customers have been like, ‘This is awesome.’ They’ve never seen anything like it before.
¹ As of January 31, 2023