Faith Is A Terrible Strategy For Software

Read time: 4 mins

Welcome back everyone 👋

This week’s Automation Advantage covers:

🔐 Security is not compliance

🛠 Trust as a service

🔍 A real example of trust becoming a service

Let’s get into it 👇

Recently I took my daughter to Worcester for her 18th birthday to see a gig.

We went to see the folk legend, Beans on Toast, at an honest, stripped back, and no nonsense show in St Swithun’s Church, an unusual venue to say the least.

I spoke to Beans at the end of the show and told him I’d love to buy one of his famous handwritten boards for my wife.

He didn't have any in stock.

But rather than just saying "check the website," he grabbed a blank canvas and a marker pen right there and then.

He wrote down the title of a family favourite, personalised for Nikki.

It hangs in our house now.

I’ve been listening to Beans on Toast a lot lately.

In fact I was listening to another of his songs "Faith in the Moon" attempting to write this edition, when it hit me.

It’s a song about optimism.

About believing that, despite the chaos of the world, things will work out.

It’s about having faith in something you can’t control.

It’s a beautiful concept for a folk song.

But it is a terrible strategy for software.

Too many businesses operate on "faith."

They have faith that because they passed an audit, they are safe.

They have faith that because they have a certificate, they are secure.

But in our world, faith isn't enough. You need proof.

And that brings us to today’s topic.

Security is not compliance

Most organisations treat compliance like a security strategy.

You do the paperwork, you get the certificate, and you assume everything is covered.

But compliance is a baseline.

A starting point.

A checklist.

It tells auditors you met standards, not that you are actually secure.

You can be compliant and still be vulnerable to real threats.

You can build systems that satisfy auditors but frustrate users.

And you can design trust out of your operations without even realising it.

Nugget #1: Compliance tells you what you should do. Security tells you what actually works.

Trust as a service

If security is about protecting systems, then trust is about what people experience.

Trust is not a document you file once a year.

Trust is:

• Security built into user flows

• Data protected at every touchpoint

• Visibility into how decisions are made

• Resilience you can prove under pressure

When teams design for trust, not just compliance, something important happens.

People notice.

Customers stay longer. Partners loosen their guard. Teams operate with confidence.

Nugget #2: If users do not feel secure, they are not secure, no matter what your certificate says.

A real example of trust becoming a service

I worked with a platform that was fully compliant with regulations.

But users kept asking support questions like:

• “Is my data shared with third parties?”

• “Can I get access to a log of activity?”

• “What happens if the system becomes unavailable?”

The answers were buried in a terms of service document no one read.

1. We redesigned the way trust was surfaced:

2. Clear trust dashboard showing data handling and access logs

3. User controlled settings for alerts and permissions

4. Live status and incident updates embedded in the app

The outcome?

• Fewer support tickets

• Higher user satisfaction

• Lower churn

No new certifications. Just real trust baked into the product.

Nugget #3: Trust is not proven by paperwork. It is proven by transparency and experience.

What you can do today

🔹 List the ways your system feels secure to users

🔹 Identify where compliance stops but experience begins

🔹 Pick one user interaction and design trust into it

You do not need to be perfect.

You just need to stop confusing compliance with confidence.

P.S. Whenever you’re ready, here’s how I can help:/

• You can check out the latest episode of the Ctrl Alt Dev podcast where I break down what's working right now in detail with my co-host Sean Sale.

• Take our Escape the Chaos audit to learn the critical factors to scaling businesses with automation in 5 minutes.

• Need a fresh perspective? I’m here to help. Book a 1-1 call with me, and we’ll figure it out together.