Among the world’s enterprise companies, the security review has an important place.
“Buyers and customers have to feel very confident about your security program,” said Monica Smith, Asana's head of Security Risk & Compliance.
But even as the B2B security review rises in importance, for most enterprise organizations, the cumbersome process has remained the same. The biggest problem?
“It doesn’t scale,” said Monica. “We find ourselves repeating the same thing over and over. Since organizations can’t spend hundreds of hours on questionnaires, we have to start to think very creatively about how we’re going to support our customers, so that we can support our business.”
Fortunately, with a new approach, Asana has found a way to do just that: support its 139,000 paying customers, helping them feel confident and supporting the business’s growth.
In our recent webinar with Monica and Brian Tobin, Asana’s security technical program manager, SafeBase CEO and co-founder Al Yang dug into Asana’s evolved philosophy on security reviews. They covered the efforts they’ve taken to lead into transparency when it comes to security, as well as the tactical steps they take to educate and inspire their sales team to leverage their tools and lead with security.
5 biggest takeaways
The five biggest takeaways from the webinar provide a roadmap for creating a buyer-oriented security review process that really scales:
1. Align your business strategy and your approach to security reviews. As your organization scales, the process you take for buyer security assessments should, too.
According to Monica, “As we see the shift in our business… We needed to come up with a way to very proactively demonstrate trust with a very easy-to-follow, very frictionless way to share the information that we need to share to move over the finish line with these customers or prospects.”
2. Reposition security reviews as an accelerator, rather than a blocker, of deals.
Monica shared three core tenets of the security review process under this orientation:
“The first is a very proactive approach to customer trust. That really involves bringing the security trust conversation to the very beginning of the sales cycle. The second is transparency. We really take an approach of, ‘Let’s try to show our customers and prospects all of the documentation and artifacts we’re capable of showing.’ And the last tenet is creating a very seamless and frictionless process for our customers to perform these reviews. We don’t want to be a blocker. We want to support our business teams to close deals as quickly as possible.”
3. Integrate your security stance into your customer-facing touchpoints.
As part of the security team’s focus on “radical transparency,” Asana has made efforts to bring its security stance into earlier conversations with buyers and customers. This is facilitated by integrations into the workflows used by the sales team and by aligning the company’s Trust Center with Asana’s look and feel.
4. Train – and retrain – your sales team to leverage the company’s security stance.
Brian shared the tactical steps he took to train up the sales team to leverage the company’s Trust Center in buyer and customer conversations: First, they reinforce the importance of trust to Asana’s business, to the market, and to the company’s customers. Then they share the key components of the Trust Center so sellers know its value and how it works. Finally, they provide the sales team with a playbook and script for talking about Asana’s security stance and the Trust Center with customers.
5. Align incentives across the security and sales teams.
“One of the most important things we tell the sales team is that if they accept the Trust Center, the deal will likely close much quicker,” said Monica.
To that end, the security team makes sure to share stories and feedback from customers that demonstrate the “Wow” factor of the Trust Center, along with the velocity it can create in the sales cycle.
“We let them know that they should be really proud of what they’re seeing,” said Brian.