Why Stories Reveal If You Can Trust the Security of Your Supply Chain

Posted on by Michael Santarcangelo

It's a conundrum. When working with the supply chain, secrecy is important. Sometimes, it's the difference between success and failure. However, when acquiring technology or working with partners, that secrecy could spell certain doom in the event of a problem. Worse, it often prevents the visibility into the process to conduct an appropriate evaluation.

Can you trust the security across your vendors? The challenge of security is the need (actual and perceived) to be secret, while still providing assurance that the secrecy isn't covering up problems. This challenge often leads to heated discussions and demands for more details. It puts everyone on guard and increases tension.

A more effective way to overcome the challenge is to focus on trust in the relationship to understand and assess security across the supply chain. The key is taking a different approach to communication. Here's how:

Build Trust Through Transparency

Much of what happens in business comes down to relationships. While the instinct for assessing the supply chain is to know everything, sometimes the real assessment is of the people and the relationship. Strong solutions with poor relationships often meet the same demise as poor solutions. However, relationships built on mutual trust have a remarkable way of improving even poor solutions and driving success.

Place emphasis on building a trusting relationship through transparency. While this seems odd in situations where some of the key elements are not transparent, it's a matter of focus. The transparent aspect means working to take friction out of communication and using an approach/language that is mutually understood.

Communication Is Key

By taking friction out of communication, it's possible to work together to build the "story" of the process. Instead of wasting energy on one-way "messaging," focus on sharing the right information, in the right way for the other parties to absorb and process, and with the right timing for them to pay attention.

Instead of relying on assumptions, heavily based on individual experience, work on guiding communication to mutual understanding. This is especially important when it comes to security, because the word carries many different meanings.

Engage in "story swapping": Offer what you think is a relatable story. When the audience (individual or team) processes it, they get the opportunity to offer a story in return. The story they swap either confirms understanding or reveals something insightful that allows everyone to adjust his or her assumptions and come to a closer understanding.

Collaborate Through Story

Build on the "story swapping" process to create a collaborative narrative that explains the supply-chain process in a mutually understood way. The shared story is an effective way to gain visibility and insight. It helps place attention on the outcome, ensuring everyone involved has comfort with what they seek.

As such, the discussion centers around areas of importance, concerns, protections, and how the relationship protects what is important to each party. It moves the conversation from "trust me," to "let me demonstrate how and why you can trust me."

Take Friction Out of Communication to Build Trust, Assess Security

This approach prevents the adversarial nature that causes people to hold details back. It creates the conditions for a more transparent discussion of concerns, protections, and how everyone involved can get what he or she needs—in a healthy, productive relationship. Or it reveals why they can't.

Sometimes it doesn't work. It's always better to learn that sooner in the process. Trust is built through transparency. The key to building the trust and insight necessary into the security of the supply-chain process is to apply transparency to the act of communication.

By bringing visibility to the process with mutual understanding and a focus on outcomes, it's possible to protect secrets and still ensure the diligence necessary to make informed risk decisions.


risk management data security law

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs