In the early days of cloud adoption, enterprises were slow to entrust their data to off-site servers owned by outside entities. Though enterprises came to outsource a fair bit of their computing power, infrastructure, and security to cloud service providers, it was always a shared trust paradigm. And instead of solely relying on technology, interpersonal trust had to be built, step by step.
Zero trust takes this even one step further. It requires entrusting huge amounts of technical infrastructure to a vendor operating outside an organization’s walls. Cybersecurity, access to productivity tools, branch connectivity – all now the responsibility of a third-party.
In our combined over 40 years experience as business and technology leaders, we’ve found that significant transformation is impossible without trust (the interpersonal kind). Suppose you want to sell the world on a new security paradigm. It’s imperative to build relationships with the people you consider potential buyers at the outset.
When Rohit, as the Chief Digital & Information Officer and Global Head at Wipro HOLMES™ (former), was considering embarking his company on its digital transformation journey, he knew a breach could cost him his job. So he wasn't willing to trust his company's security to just anyone. In fact, it wasn't until Zscaler CEO, Chairman & Founder Jay Chaudhry personally paid him a visit while he was on holiday in India that he felt the relationship was strong enough for him to take the leap. The two shared a coffee and spoke for hours before Rohit walked away ready to move forward.
So how can security vendors, especially revolutionary ones like those pushing ZTA, build that level of confidence? How do they build person-to-person trust while eliminating implicit trust in IT?
Below we lay out a few principles based on our experience that we think apply in a broad range of contexts. They are meant to help IT leaders build the relationships necessary for enabling transformational change.
Tailor zero trust discussions to your audience
Decision makers do not all think alike. Often, their specific roles generate different psychological perspectives, expectations, and interests.
It can be the default tendency, in conversations about cybersecurity, to rely on proof points most relevant to a CIO or CISO. Such stories might revolve around capabilities and tech buzzwords: zero trust, SASE, cloud, and developing threats like ransomware-as-a-service. These undoubtedly make up a part of the story. But only one chapter.
Today, security conversations have also forced their way into the boardroom. This has implications for all lines of business, investor relations, and the health of the organization's global brand. So if the audience is not someone like a CISO, who came up through the IT ranks, but instead someone who thinks more naturally in terms of business goals, strategies, and risks, the story must be positioned accordingly.
COOs tend to think in terms of operational stability, speed, and agility; a CFO will think in terms of financial implications and risk management; a CEO may well respond favorably to a combination of all of these perspectives. Tailoring the story in this manner not only makes for a clearer value proposition, but also increases interpersonal trust.
Incorporate emotion, not just facts, in talking about zero trust
A strong case must be logically sound, clear, and based on demonstrable evidence. But to create a genuine distinction, it should also be delivered with conviction and even passion. We’ve repeatedly seen that, given two strong arguments similarly made, one with emotional appeal performs better than one without.
Emotional responses help to transform strangers into friends; they inspire trust, and trust is necessary for ongoing discussions of significant shake-ups like switching to ZTA. Given a true belief in the transformational power of zero trust principles, its proponents should be absolutely eager to spread word of a better way to enable modern workforces, enhance security, and modernize infrastructure.
Increase credibility by leveraging experience and in-depth knowledge
Imagine you are a CXO listening to a pitch describing a brave new network platform. You begin to wonder: Has this person actually been to one of the data centers mentioned? Has this person seen the technology at work in real time, and understood what it can do (and not do)? Have they participated in a transformation themselves? Or have they simply memorized a sales deck?
Storytellers who can answer unexpected questions and explain the value proposition in any requisite level of detail will be seen as more credible than those who can’t. They are inherently more trustworthy. Simply put, there’s no substitute for experience.
Consider post-sales support a way to build the relationship
Nothing makes a relationship feel transactional like disappearing after a deal is closed. There’s a role for customer success teams, but that doesn’t mean your job is over. Following deployment and integration, what kind of real-world outcome the customer is getting – and what key performance metrics (KPIs) are most relevant to that customer?
By ensuring the delivery of KPIs that address the customer’s goals and pain points, and quantifying improvement, the security provider delivers added value in key ways. This bolsters the trust in the business relationship and, under the best of circumstances, increases the likelihood of additional deals.
Understand market disruptions and geopolitical situations and respond accordingly
The current war in Ukraine demonstrates the way developments in one part of the world ripple out to affect the larger business climate and initially unrelated organizations and business models.
If you can anticipate and assess your customers’ concerns on these topics, and proactively address them, you’ve found yet another way your relationship adds value. The world isn’t about to stop spinning, and geopolitical developments will continue to affect business dealings. Play close attention to how to soften their effects, or even turn them to the advantage of your customers.
In sum, implementing zero trust on the web benefits from an abundance of trust between people. By building it, CXOs increase the chances of fruitful relationships at the closing of deals and far beyond. While it may not extend to visiting a potential client on holiday, enhancing trust requires many conversations, cups of coffee, and honest dialogue.
Go out of your way to show prospects that you’re in it for the long haul. Visit the potential client onsite. Reach out when global events cause global uncertainty. Speak to the human, not just the job title.
After all, one of the ironies of zero trust is that it requires an abundance of it.
What to read next
Challenge Everything, Trust Nothing: What Boards Should Know About Zero Trust
Shields up! Why cybersecurity is urgent for every executive and board member, not just the security professional