Improving Customer Account Management with Security Transparency

This blog was originally published by SafeBase here.

Written by Kevin Qiu, SafeBase.

According to the Identity Theft Research Center, data breaches increased year-over-year once again in 2021, with the number exceeding 2020's breaches by October. Supply chain security in particular is now top-of-mind for many cyber security leaders. In addition to requiring new vendors to undergo lengthy security due diligence assessments, many teams have begun to conduct annual reviews of existing suppliers as well. Forward thinking organizations can factor this into their customer account management practices to improve customer retention and reduce churn.

The impact of security breaches is constantly increasing, and teams are reacting by requiring that third party vendors be able to keep up with attackers. Security teams typically do not hesitate to sunset a vendor due to security concerns.

As a means to reduce the impact of a third party data breach, security teams are now interested in information such as:

• Renewed compliance reports. Popular external security audits like ISO 27001 and SOC 2 are great ways to build trust with customers, but they need to be conducted annually to ensure that companies maintain their security posture.
• Updated penetration tests. Modern development teams can push tens, or sometimes hundreds, of updates to production on a daily basis. Recent penetration tests help to demonstrate that your organization takes application security seriously and that your developer security training is effective.
• Internal security program improvements. Security teams want to see that vendors truly care about security. Informing them of updates such as the retirement of soon to be end-of-life cryptographic algorithms can help reduce the number of inbound emails sent to customer success teams.
• Product security updates. Adding capabilities such as exportable audit logs or hardware MFA token support helps to build additional trust with security teams, and can help products become sticky.
• Incident response bulletins. Data breaches are bigger than ever and are becoming more expensive each year. Proactively informing customers that your organization wasn't affected by the latest one helps to reassure customers that their data is secure. It also lets them know that the team managing it will notify them immediately in the unfortunate event of an incident that does affect them.

Regularly providing security-conscious customers with updates is something that all SaaS organizations should do to maximize their customer account management capabilities. If your organization hasn't already, it is recommended to conduct regular sync-ups between security and customer success teams to both reduce friction internally, and to increase customer retention.

About the Author

Kevin is the Director of Information Security at SafeBase. SafeBase is an interactive security portal that allows SaaS vendors to easily share security information and sensitive documents with customers proactively. Prior to SafeBase, he was also a Big 4 consultant and security engineer in other tech companies.