News has not been kind to US headquartered technology companies over the past year. From an erosion of faith because of a company’s geographic location, to a series of high profile breaches that are calling into question trust in your IT systems. Technology providers and governments have a vital role to play in rebuilding trust. And so do customers—who need to demand more from their technology providers.
In my recent trip to Europe, and speaking to some balanced, thoughtful, and concerned public officials, it got me thinking. Why do we trust the products we use? Is it because they work as advertised? Is it because the brand name is one we implicitly believe in for any number of reasons? Is it because the product was tested and passed the tests? Is it because everyone else is using it so it must be okay? Is it because when something goes wrong, the company that produced it fixes it? Is it because we asked how it was built, where it was built, and have proof?
That last question is the largest ingredient in product and service acquisition today, and that just has to change. Our customers are counting on us to do the right thing, and now we’re counting on them. It’s time for a market transition: where customers demand secure development lifecycles, testing, proof, a published remediation process, investment in product resilience, supply chain security, transparency, and ultimately – verifiable trustworthiness.
We saw some of this coming, and these are some of the principles I hear customers mention when they talk about what makes a trustworthy company and business partner. Starting in 2007, with a surge that began in 2009, we’ve systematically built these elements into our corporate strategy, very quietly, and now we want the dialogue to start.
I’m challenging customers to take the next step and require IT vendors to practice a secure development lifecycle, have a supply chain security program, and a public, verifiable vulnerability handling process.
I recently recorded the video blog above discussing what it means to be a trustworthy company. I hope you will share your thoughts and experiences in the comment section.