SaaS-based security and compliance solutions provider Vanta has launched a vendor risk management (VRM) offering to help organizations streamline third-party vendor security reviews and due diligence.
The company claims the new offering will automate vendor discovery, vendor assessment and vendor remediation workflows to significantly reduce the time and costs associated with third-party vendor risk management and reviews.
“Organizations are more dependent than ever on third-party providers, and most companies use more than 100 SaaS providers on average,” said Christina Cacioppo, CEO of Vanta. “Most of these vendors are adopted directly by employees, bypassing security checks.”
Vanta’s VRM will be available to customers at launch as a complement to its namesake and flagship trust management platform.
Vendor risk analysis grows with the proliferation of the cloud
The vendor risk management segment has grown with the proliferation of cloud-based applications, resulting in third-party applications emerging as a common attack vector for hackers, contributing to 60% of global data breaches.
It takes companies, on average, 280 days to discover a third-party data breach, according to a report by IBM and the Ponemon Institute.
The global VRM market, which is a smaller segment of the governance, risk management and compliance (GRC) market, is expected to grow from $4.6 billion in 2020 to $13.98 billion in 2028, at a compound annual growth rate (CAGR) of 14.6% during the forecast period, according to a report by Verified Market Research.
Major players in the market include IBM, MetricStream, RSA Security, Lockpath, OneTrust and BitSight Technologies, which offer a range of VRM solutions and services such as risk assessment and scoring, third-party due diligence, compliance monitoring and supplier performance management.
VRM consolidates supplier onboarding and evaluation
Vanta’s new offering is designed to combine the entire supplier management process into a single automated workflow with the necessary integrations with third-party applications, identity providers and database systems. This, the company said, reduces overhaul costs by 90% compared to spot fixes.
Vanta can automatically discover any provider (cloud providers, identity providers like Auth0, databases, CRM systems, and more) and the employees who use them through integrations with the company's single sign-on systems and identity providers (IdPs), according to Cacioppo.
It also ranks suppliers using a risk rubric that provides better visibility into supplier-based risks. This assessment combines a score of metrics derived from “business-critical” factors that customers can adjust based on their requirements.
“Vanta provides a default risk rubric that takes into account a number of factors such as the type of data the vendor processes, business criticality, and the extent of access to internal systems and other vendors to automatically assign a risk score to every vendor,” Cacioppo said.
This classification capability is included by default with the VRM and applies to all providers as they are onboarded.
Vanta automates VRM with procurement
In addition to Vanta’s VRM scanning, classifying and managing integrated suppliers by default, “customers can also manually upload a list of suppliers and users if needed and connect Vanta to their procurement process to automate the single request for security reviews of new providers,” added Cacioppo.
This automation will include transforming the traditionally manual process of answering security questionnaires into an automated library of updated spreadsheets and web-based forms with added features such as auto-fill and one-off questions with a browser extension.
In addition, Vanta’s VRM provides visibility into duplicated/redundant applications, enabling organizations to efficiently deploy and decommission applications, thereby saving costs, according to Cacioppo.
The automated workflow also streamlines the tracking of compliance reports and sets up periodic reminders to request updated reports.
Copyright © 2023 IDG Communications, Inc.