On episode ten of the Trust Podcast, an SAP podcast about cybersecurity, trust and today’s landscape, SAP’s Chief Trust Officer Elena Kvochko was joined by Matt Chiodi, Chief Trust Officer at Cerby.
They discussed Trust at Cerby, cloud vs on-premise applications and what leaders should look for when building out a trust office.
Journey to Cerby
For the last decade, Matt held security-focused roles at Palo Alto Networks, RedLock, Cognizant and eBay - all of which contributed to his expansive security knowledge and experience. He was at Palo Alto Networks when he realized he wanted a new opportunity to learn and grow, and he started to look for a start-up, which led him to Cerby. The startup caught his attention because "it was solving a problem that nobody else was trying to solve and it had a bold vision".
Trust at Cerby
Cerby's goal is to "transform security into a productivity booster and make it simple to make security everyone's business". Chiodi shared that "Currently cybersecurity tools and platforms are not designed for employees to be the end users - they're really designed for security or IT teams. Cerby works so that employees actually want to use it to make their day to day easier."
At Cerby, there are currently under 50 employees, so while Chiodi is focused on cybersecurity as the Chief Trust Officer, his role also extends to intellectual property such as patents. Additionally, a part of trust is "how we talk about our product". Chiodi mentioned "Companies may embellish or talk about products in certain ways as a part of corporate strategy, but part of trust in a startup, especially a startup in a seed stage, is making sure the way we talk about our product is 100% representative of what we actually do."
A major challenge for trust in startups is that it is not a main priority, especially if you get in at the early stages. At that point, the focus is on creating and designing the product and building out the company. As Chief Trust Officer at Cerby, Chiodi is making sure they "are building a company that's trustworthy especially since [they] are a cybersecurity company managing and storing users' passwords."
"Integrity is being the same person through and through no matter the audience or the context - even if nobody is there," shared Chiodi.
This means he works with Cerby's marketing and product team to make sure everything they are doing is aligned and done with integrity so that he can carry out a trust strategy.
Cloud vs On-Premise for Applications
"While the cloud is no longer new, according to research from O'Reilly, 50% of organizations still rely on traditionally managed on-premise systems," shared Chiodi.
Matt goes on to explain that while most businesses use the cloud in some way, it is mostly through Software as a Service (SaaS) - not in a strategic sense. "If you're going to run your workloads in cloud, you have to precisely know what you're going to do from a security perspective," explains Chiodi. Most organizations that feel their security and trust teams are coming in late to solve an issue feel that way because those businesses have been operating in the cloud for some time without their security and trust teams even knowing.
Matt's suggestion is "If you do not have a cloud strategy, it is important to work with the Chief Information Officer (CIO) to develop one. Once you do have a cloud strategy, be comfortable with relying on the third-party attestations for your data centers as you are not going to be able to audit data centers on-premise."
Trust as a Business Category
"For forward-thinking trust companies, the idea of a trust office is not new but for outside of tech, it's still an emerging space," shared Chiodi.
Trust offices are especially important for companies that may have had trouble with trust in the past, and companies that require a high level of trust to be successful. "When a company is not a start-up and they are well established, they have essentially built a 'bank account of trust' from their actions over the years. Companies need to work on their reputation and make sure they adhere to their mission and credo."
When recruiting for trust professionals, Chiodi typically looks for "those who have had a mix of a privacy or security background ideally mixed with marketing. This is a lethal mix because security enables privacy and marketing knows how to communicate to the world."
At the end of the episode, Chiodi shared a piece of advice for organizations that are looking to invest in trust: "Define what trust means for your organization and clearly map it to your vision and mission. There needs to be consistency and tie-in or else the initiative may fade away."
The full episode will be available on February 27th. You can find it here.