As security leaders, we have a responsibility to operationalize security capabilities. That means implementing technical controls, detecting and responding to attacks, validating system integrity, ensuring compliance, educating our peers on how to prepare, mitigate, and respond to scenarios, as well as continuously submitting our organizations to real-world stresses.
The best, most successful security teams are the first to initialize across their own organizations. They are their own “customer zero,” using their own products or expertise, attacking themselves and trying to expose weaknesses to uncover opportunities for success, which is their critical advantage for effectiveness.
The Cloudflare team works the same way; we focus on protecting ourselves, fostering innovation, and sharing our successes and failures.
Innovators have been doing this for years. Take Ruth Handler for example. In the 1950s, this Mattel co-founder watched her daughter and friends play with paper dolls. When Handler saw the children pretending the dolls were adults, she was inspired to make a 3D version of an adult doll. Her daughter, Barbara, was customer zero.
There is a long history of other innovators, like scientists who use themselves as test subjects, becoming their own customer—or patient—zero. The development of anesthesia, radiography, cardiac catheterization, and the yellow fever vaccine, for example, all benefited from self-experimentation. By testing new technologies and therapeutics on themselves, innovators rapidly evaluated product effectiveness and gained valuable insights for modifying designs.
Many people talk about “dogfooding.” But few organizations take full advantage of the insights and benefits you can derive from being customer zero. And that’s a shame, because that experience can go a long way toward untying the Gordian knot of cyber security.
First, being customer zero bolsters the confidence that prospects and customers have in your company. When you use your own product, you send a powerful message about the faith you have in the product’s efficacy.
Being customer zero also accelerates the feedback loop. When feedback comes from your own company, you can get that feedback immediately—and you can start innovating, working on user-centered improvements, faster. At the same time, you can take the lessons learned and educate people across your company about the roles they can play in improving your product and enhancing trust in your business.
At Cloudflare, we’ve also found that by being customer zero, our team has developed greater empathy for customers. We better understand the needs of internal and external constituents. And that understanding allows us to design and iterate on solutions more effectively.
Importantly, the customer zero approach strengthens commitments to privacy and security. Compliance regimes around the world are becoming increasingly stringent. When you use your own cyber security solutions, you feel the importance of compliance as strongly as your customers do.
Of course, if you’ve got a robust cyber security solution, being your own customer also enables you to capitalize on the security benefits of that solution. At Cloudflare, we were able to prevent a targeted phishing attack against our company using our Zero Trust platform. An attacker harvested employee credentials and then attempted to log into Cloudflare systems using a time-based one-time password—but we had already transitioned to hard keys and additional security measures that prevented successful entry.
We not only stopped an attack but also validated our security approach and enforced several best practices. That validation continues to benefit us and our customers.
In the current business landscape, creating and maintaining robust security has never been more important. And, as security leaders, we need to fully experience how our products work in the real world — being your own customer is the best way to do that. By putting yourself in the shoes of your customers, you can better anticipate and mitigate risks, enhance the robustness of your products, strengthen regulatory compliance, and ultimately increase customer confidence and trust.
Learn more about how Cloudflare uses Cloudflare to secure our global team.
This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.
Oren Falkowitz — @orenfalkowitz
Security Officer, Cloudflare
After reading this article you will be able to understand:
What it means to be “customer zero”
How it accelerates feedback and innovation
The benefits that extend to your customers