ngrok is a rapidly-growing ingress platform that combines your reverse proxy, firewall, API gateway, and global load balancing to deliver apps and APIs faster and more securely. More than five million developers are a part of the ngrok ecosystem, and the company is quickly becoming a fixture in the enterprise development world.
In the past year, the organization has experienced massive growth, more than doubling its employee base as it realizes success in larger markets and with organizations like Databricks, Zendesk, and Microsoft.
Since its early days, ngrok has been steadfast in its commitment to security, with leaders expressing a determination to pursue its goals “with security front and center,” according to Arianna Willet, ngrok’s Senior Director of Security Risk & Trust. Not only does ngrok’s product need to be highly secure, the company’s buyers and customers need to be made aware of its industry-leading security posture. The level of trust the company is able to build with its buyers acts as a differentiator.
“ngrok is an API-first unified ingress platform that runs production traffic. The amount of trust that requires is incredibly high,” said Arianna.
The team at ngrok recognizes the value of the vendor risk assessment when it comes to effectively building trust with buyers. Every buyer must do its due diligence to understand ngrok’s security posture, including a thorough review of the company’s security documentation and information.
Yet, engaging in the traditional security vendor review process wasn’t a viable option for the team at ngrok. Not only did Arianna and team find the process to be lengthy, tedious, and repetitive, but it was also a suboptimal experience for the company’s buyers. ngrok needed a sustainable program that would save their team time while also building and maintaining trust with buyers and customers.
Implementing a security review process for the future
One of the first initiatives Arianna undertook upon joining ngrok was to implement a SafeBase Trust Center to facilitate ngrok’s customers’ security reviews. She wanted to make sure that the process in place would reduce the security review burden on her team, while simultaneously reflecting the seriousness with which the company approaches cybersecurity.
“Security questionnaires were always a sore point in my roles at past companies,” said Arianna. “The whole process was more manual work than it needed to be.”
She wasn’t willing to fall back on the laurels that had become embedded at other organizations, where security reviews were viewed as a “necessary evil.” In addition to improving the experience for her sales team and the company’s buyers, she wanted to implement a process that would support the company as it grew rapidly.
“This has to be able to scale as we grow to a much larger salesforce,” said Arianna.
With SafeBase, ngrok can house all of its security documentation and information in a customer-facing Trust Center. Buyers and customers can conduct their own security reviews at will, requesting access to sensitive documentation, such as the company’s SOC 2 and pentest reports, and signing an NDA directly within the platform.
Sales shares the Trust Center with buyers early in the selling process, encouraging self-conducted reviews while also reinforcing the company’s trustworthiness from the get-go.
On the backend, Arianna always keeps the Trust Center up to date with the most recent security documentation. This ensures the sales team (and buyers and customers) only have access to the most relevant information.
“It’s one less thing my team has to be concerned about,” said Mark McAndrew, ngrok’s Director of Sales. “As a seller, you can’t always answer all of the questions. You’re pinging people, looking through knowledge bases to hope you get the answer, then you have your security team do a pass, then you do a pass. Now we don’t have to do any of that. It’s peace of mind.”
Introducing scalable, sustainable security reviews
The use of SafeBase instantly created a more scalable, sustainable security review program for ngrok’s team and their buyers and customers. By leading sales conversations with the Trust Center, the sales team almost always bypasses the need to complete a security questionnaire.
“We’ve had a ton of great feedback from our cross-functional partners,” said Arianna. “The sales team loves it and the brand team was thrilled. For me, it’s easy to use, and reduces a lot of the back and forth with customers that slows deals down and takes time away from other initiatives.”
When there is a need to respond to security questions, any answers not in the Trust Center’s Knowledge Base get added in. This has the effect of both growing the company’s wealth of security information, as well as making it more accessible to the front line.
“That growing knowledge base democratizes information that has traditionally been siloed with the security team,” said Arianna.
The proactive, transparent nature of ngrok’s approach has hastened the company’s sales cycles while reducing the security review burden for the company’s security, sales, and legal teams.
“When we’re in a deal, it greatly reduces the amount of time that we need to spend on security reviews,” said Mark. “It’s a single place they need to go where they have everything that they need at their fingertips. Now, it’s more of a checkbox than an active engagement, which, in my past life, could take three to four weeks. Now, sometimes it’s a day. They’re just doing their process internally, and then it’s done.”
“It makes my life so much easier,” Arianna said. “A process that used to take weeks now can be completed in a matter of minutes, and I usually don’t even have to get involved. Now I can focus on having the most strategic conversations, rather than getting into the weeds of every deal.”
Arianna and the ngrok sales team also appreciate the message that the use of SafeBase sends buyers, who feel more confident in the company’s commitment to security.
“For us, transparency and trust go hand-in-hand,” said Arianna. “The SafeBase Trust Center demonstrates to our buyers and customers that we do the things we say. It’s a show of integrity.”
SafeBase is the scalable Trust Center that automates the security review process between buyers and sellers. With a SafeBase Trust Center, companies can seamlessly share sensitive security documentation with buyers and customers, including streamlining the NDA signing process by integrating with your CRM and your data warehouse.
If you’re ready to take back the time your team spends on security questionnaires, create a better buying experience, and position security as the revenue-driver it is, get in touch with us.
