How and When Do You Trust a Security Vendor?

In my reporting for the CISO/Security Vendor Relationship Series and the companion podcast, the one theme I hear over and over is that buyers of security products need to trust the vendor.

Unfortunately, that response of “I need trust” raises more questions and provides essentially no answers. Trust is not a concrete concept, which makes it hard for both buyers and sellers to define and deliver on.

This article provides no answers, but rather some key questions:

  • What are the questions buyers are asking to make a judgment of trust?
  • What are the criteria that could possibly make up your definition of trust?

This is my first crack at trying to understand what trust is in security sales. I really want your feedback. What have I missed and what doesn’t really matter?

Share your feedback by joining the conversation on LinkedIn.

How Do You Determine Trust in a Security Vendor Relationship?

How important is the first engagement? How much weight do you put on it? Are there things that vendors say that make you receptive to the second engagement? Are there things that immediately put you off where you’ll never talk to that person or company again? Conversely, have you “got in bed” with a vendor a little too quickly? Are you willing to trust early on in the relationship?

How do you like to be courted? Do you like the vendor to keep following up, or do you want them to hang back while you follow up? If the latter, are you receptive to content marketing, traditional advertising and networking events to keep that vendor top of mind? Do you like it, and does that increase your trust in them?

Where do you find validation to be able to trust a company? Is it with personal engagements with the company? Is it with analyst reviews? Is it recommendations from your peers? Can you have any one of these without the others and still trust the company?

Are many security products interchangeable? With so many companies competing in specific categories, do you ever feel that these products are completely interchangeable? That you would be just as happy with a competing product if there wasn’t such a high cost to exit and a high cost to enter? It’s often been argued that sales ultimately comes down to people selling to people. If you believe that to be true, would you leave one vendor for the trust you have in a different person at another vendor? Would you leave a product because a trusted sales engineer moved on to a competing product?

Service level agreements (SLAs): Do you feel that they’re doing their job of ensuring the trust you have placed in the company? Do they have any other role? Does trust ever factor into the creation of the SLAs?

Does zero trust carry over to vendors? Obviously you would continue to check adherence to SLAs, but are you still keeping your guard up with every single interaction always looking for a reason not to trust the vendor? Do you assume/seek out/appreciate when a vendor calls even when you don’t have problems? Do you need them to provide new solutions without upselling? Do you need/seek out valuable educational opportunities about their product?

Are you quantifying trust or is it a gut response? How consciously are you thinking about all of these issues? Do you actually think about some or all of these elements, or do you just come to a gut response and then try a proof of concept (POC)? Do you always try a POC with every single purchase? How often do POCs not turn into sales? Does the POC fail or does something happen that causes you to lose trust?

Have you ever been burned trusting a vendor? If so, does that change your view on trusting security purchases?

What did I leave out? What critical issues did I omit that buyers are consciously thinking about when determining whether to trust a vendor and their product?



David Spark

David Spark is a veteran tech journalist with nine years' experience covering cybersecurity. He has partnered with Security Boulevard to continue his popular CISO/Security Vendor Relationship Series. Spark is also the founder of Spark Media Solutions, a B2B content marketing agency for the tech industry. He's a former standup comic, comedy writer for The Second City in Chicago, and San Francisco tour guide.
