22 March 2022
Trustero: A Foundation of Trust
Jocelyn Goldfein
Managing Director
Phillip Liu is a pioneer in cloud infrastructure; he built his career at early Saas leaders like Marimba and Opsware, helped Facebook scale in its early hypergrowth years, and leveraged his expertise to co-found SignalFx, where he built one of the most successful platforms to ensure reliable and performant cloud infrastructure.Zetta couldn’t be more thrilled to partner with Phil’s next pursuit: building the intelligent trust platform for technology partners.
At first glance, you might wonder what “compliance” has to do with Phil’s background in cloud infrastructure, or Zetta’s focus on ML. In fact, they’re deeply interconnected.
Throughout his career, Phil saw that a key challenge of cloud infrastructure is the *interdependency *of all our systems. Pre-cloud, every part of the stack, top to bottom, was self-contained. The rise of cloud means that for better and worse, our systems adopt dependencies on one another. E-commerce sites rely on payment APIs which rely on Saas APM tools which rely on cloud infrastructure providers. We no longer have a well-defined and self-contained stack — we have a complex web of technology and infrastructure dependencies.
Every technology service depends on third parties; when a service makes commitments around reliability, efficiency, performance, and security, it is committing on behalf of the third parties as well. While this architecture has immense advantages, it exposes every partner in the chain to a degree of third-party risk that didn’t exist in the pre-cloud world; and the more mature and ubiquitous cloud infrastructure becomes, the more complex the web of dependencies.
Compliance has historically been seen as a discipline focused on financial transactions. But the mission-critical nature of our reliance on third-party technology systems, and our customers’ reliance on our own systems — has made technology a core target as well. In the financial world, compliance is all about ensuring adherence to financial best practices and obedience to tax and other legal regulations. On the technology side, compliance is increasingly focused on R&D and DevOps best practices, as well as data privacy and security laws — and customer commitments! So now compliance is the CTO’s focus, not just the CFO’s.
The SOC 2 has become the de facto standard in Saas technology best practices. It’s a priority even for pre-product-market-fit tech startups because they can’t onboard enterprise pilots and design partners without it. That makes it the compliance entry point for most new tech companies, and a vibrant ecosystem of technology and services firms has been growing quickly to serve the growing demand.
The first generation of approaches are all about the compliance workflow: libraries of content and checklists, all aimed at making a mysterious process simple and easy for humans to execute with as few mistakes as possible, and help the engineering team to assemble the necessary policies and documents needed by audit firms to verify a company’s compliance.
Phillip Liu’s approach with Trustero is the next-generation approach: bringing modern AI techniques to bear on the problem — automating information gathering and more importantly, validation; not just accumulating content, but understanding, assessing and validating it, enabling human auditors to scale to more customers at greater velocity.
The SOC 2 is an urgent need for every tech startup with a B2B business model, but it’s just a starting point. Once a year is frequent enough for a box-checking exercise. But the interdependency of our technology SLAs is 24x7 and year-round; Trustero’s ambition is to build the platform for continuous assurance, an intelligent foundation that enables technology partners to go faster and farther because they can rely on one another. We couldn’t be more proud to support the team on their journey!
