Earlier this month, I spoke with Stephen Boyle, chief trust officer at enterprise management software firm Workday, about his role and the importance of building trust with customers. The below interview has been edited for clarity and brevity.
Fortune: What is a chief trust officer?
The chief trust officer is the person responsible for being the customer-facing representative for the security and privacy program at the company. So if you think about prospective customers who are assessing Workday from a risk perspective, they’re going to have a lot of questions about the security and privacy practices of how we’re protecting their data. It’s my job to make sure that we’re open, transparent, and giving them the answers that they need so that they can have a good experience while they’re running due diligence. So a key part of that is making sure customers understand the security program and the investments that we’re making in people, processes, and technology to protect their data.
It sounds like a mixture between a technical role and a communications role, where you need a lot of technical knowledge but also the ability to translate that into language less technical-minded customers can understand.
That’s right, exactly. You’ll be dealing with executives on the customer side, ranging from technical experts to CIOs and CHROs, so there’s a team on the customer side who are assessing not only for security elements but also features and functionality. So it’s really important to be able to translate complex security and technology concepts into a format that people can understand and digest.
How does that help you build trust with the customer?
For us, it’s really about being open and transparent in how we interact with our customers. So we deliver what we call a trust presentation, that gives a large overview of the discussion program focusing on a number of different areas: for example, how we create, foster, and maintain our culture of security and privacy awareness. We will also talk about the [third-party] certifications that we have, like the ISO certifications and service organization controls reports, so there’s kind of a soft audit report. We make those reports available on a continuous basis to our customers. And I think the commitments that we make to security help build trust as well. In the software portal, we’re saying we’re not going to diminish those controls over the period of the contract with our customers, and that gives customers a high level of assurance about the controlled environment that we’re offering.
Did you find the pandemic affected your ability to build trust with customers when meetings needed to be conducted remotely?
I think it’s always good to have face-to-face meetings and that it’s a good way of really understanding people on a human level. So, from that perspective it was probably a little bit of a battle, but it wasn’t something that constrained us. One of the great things about Workday is that, because we’re a SaaS [software as a service] vendor, we were already set up to help our customers navigate the pandemic remotely and build rapport and trust in a virtual environment.
How does your role sit within Workday’s organization?
In Workday, we work very closely with our sales and pre-sales colleagues, and our legal team as well. You can imagine, during a deal, pre-sales and sales are the interface with the customer and are driving that process. We come in at a point in the sales cycle when customers are really looking to understand more depth. We also work with legal, helping develop contractual language. But overall, we’re part of the security function, so the chief trust officer role reports to our chief security officer.
Why is building trust important to Workday?
It really helps us meet our customers’ needs. When we develop our systems, we’re developing with principles of privacy by design in mind, you know, which is about building trust with our customers. We really listen to our customers and configure our systems or build the features that they need to run their business. And that really is important to us: that we continue to meet their business needs.
If you think from the customer’s perspective, they’re taking critical data about their people and then placing it into the Workday environment. They have to really understand a lot about our security program and the protections that we’re putting in place throughout the duration of the contract with them to trust us.
Eamon Barrett
eamon.barrett@fortune.com
IN OTHER NEWS
X
Elon Musk rebranded Twitter as X this week, marking the start of the billionaire’s long-touted desire to create an “everything app” akin to China’s WeChat, which serves as a messaging platform, a bank, and a blogspot. Some critics say the sudden rebrand might have stripped billions of dollars in brand value from Twitter, but CEO Yaccarino insisted to staff that this is a chance to make the “next big impression on the world.”
Glory to Hong Kong
A Hong Kong court is expected to rule on the local government’s request for an injunction against the song Glory to Hong Kong this week, in a case that observers say is a test of the city’s freedom of speech. The song is an anthem created by prodemocracy protesters in 2019, which the government is seeking to ban. If the court rules in favor of the government, tech giants like Facebook and YouTube could be compelled to block it on their platforms.
Open eye
Worldcoin, a blockchain project founded by OpenAI CEO Sam Altman, has started offering users crypto in exchange for letting the company scan their irises. The company carries out scans using a melon-sized orb, which records the patterns of a user’s eye and translates that data into a unique digital key, verifying the user is human. Worldcoin’s parent, Tools for Humanity, says the project is intended to solve the problem of A.I. imitating human life. A problem Altman’s other venture is exacerbating.
The dead zone
Employees are creating a “dead zone” between 4–6 p.m. to fit in COVID-era habits like school runs and gym sessions, researchers say, creating an extended workday with three peak hours. The third peak comes late in the evening when dead zone employees clock back in to finish off the day’s work. But those extended hours are creating headaches for managers struggling to corral workers onto the same schedule.
TRUST EXERCISE
“The crypto industry is working hard to gain back trust. If [proof of reserve] becomes widespread and standardized, we will exceed the level of assurance that custodians can offer with traditional assets. This is a worthy goal, and one that Washington should support.”
Nic Carter, cofounder of blockchain-focused investment firm Castle Island Ventures, says the crypto industry is embracing self-regulation through a concept known as Proof of Reserve (PoR), whereby crypto exchanges “[attest] to their unique ownership over some digital assets on-chain, combined with a disclosure of client liabilities.” PoR is supposed to help guard against meltdowns like the FTX saga, but some in Congress have warned that PoR has limited effect.