Simplify the Vendor Risk Assessment Process with Vendor Insights (PEX203)

Title

AWS re:Invent 2022 - Simplify the vendor risk assessment process with Vendor Insights (PEX203)

Summary

  • AWS Marketplace has introduced Vendor Insights to address the pain point of vendor risk assessment in software procurement.
  • Vendor risk assessments are time-consuming, often involving hundreds to thousands of questions, and are difficult to validate.
  • Vendor Insights is a customer-facing dashboard that surfaces security and compliance information about a vendor's SaaS solution.
  • It automates evidence collection, supports continuous compliance, and gives buyers transparency by notifying them when a vendor's security or compliance status changes.
  • Vendor Insights answers 125 control questions and is backed by evidence from AWS Config, SOC 2, and ISO reports, as well as vendor self-assessments.
  • The solution reduces the procurement process from weeks to hours and builds customer confidence in the security and compliance of their purchases.
  • The onboarding process for Vendor Insights is straightforward, involving CloudFormation templates and AWS Audit Manager for manual attestations.
  • At launch, 40 vendors had already created Vendor Insights profiles, and the service is expected to streamline the procurement process for both buyers and sellers.

Insights

  • Vendor Insights aims to reduce friction in the procurement process by automating the collection of security and compliance evidence, which traditionally has been a manual and time-consuming task.
  • The service leverages AWS Config and AWS Audit Manager to provide continuous compliance monitoring, so configuration drift is surfaced as it happens rather than only at the next point-in-time audit.
  • By providing a standardized set of controls and evidence sources, Vendor Insights can help normalize the vendor risk assessment process across different buyers, potentially reducing the need for custom questionnaires.
  • The ability to filter for SaaS solutions with Vendor Insights profiles on AWS Marketplace can help buyers quickly identify products that meet their security and compliance requirements.
  • Vendor Insights could potentially shift the industry towards more transparency and continuous compliance monitoring, which may become a competitive advantage for vendors who adopt it early.
  • The cost savings for vendors are significant, not only in terms of reducing the time spent on compliance paperwork but also in potentially reducing the frequency and cost of audits.
  • The service's design accounts for the sensitivity of compliance data: a buyer must request access to a profile and the vendor must approve it, so the detailed evidence is shared only under a non-disclosure agreement (NDA).
  • Vendor Insights could lead to a cultural shift within organizations, where security and compliance teams spend less time on administrative tasks and more time on improving security postures.