Vanta’s new offering aims to help customers streamline third-party security with automated workflows for vendor security reviews and compliance.

SaaS-based security and compliance solution provider Vanta has launched a Vendor Risk Management (VRM) offering to help organizations streamline third-party vendor security reviews and due diligence.

The company claims that the new offering will automate vendor discovery, vendor assessment, and remediation workflows, significantly reducing the time and cost of third-party vendor risk reviews and management.

“Organizations are more reliant on third-party vendors than ever, with most companies using more than 100 SaaS vendors on average,” said Christina Cacioppo, CEO of Vanta. “The bulk of these vendors are adopted directly by employees, bypassing security reviews.”

Vanta’s VRM will be available to customers at launch as an add-on to its flagship and namesake trust management platform.

Vendor risk analysis catches on with cloud proliferation

The vendor risk management segment has picked up with the proliferation of cloud-based applications, which has made third-party applications a common attack vector for hackers; they reportedly contribute to 60% of overall data breaches. It takes companies, on average, 280 days to discover a third-party data breach, according to a report by IBM and the Ponemon Institute.
The global VRM market, a smaller segment of the governance, risk management, and compliance (GRC) market, is expected to grow from $4.60 billion in 2020 to $13.98 billion by 2028, a compound annual growth rate (CAGR) of 14.6% over the forecast period, according to a report by Verified Market Research.

The leading players in the market include IBM, MetricStream, RSA Security, Lockpath, OneTrust, and BitSight Technologies, which provide a range of VRM solutions and services such as risk assessment and scoring, third-party due diligence, compliance monitoring, and vendor performance management.

VRM consolidates vendor onboarding and evaluation

Vanta’s new offering is designed to combine the entire vendor management process within a single, automated workflow, with the necessary integrations to third-party applications, identity providers, and database systems. This, the company said, reduces review costs by 90% compared with siloed point solutions.

Vanta can automatically discover vendors — cloud providers, identity providers like Auth0, databases, CRM systems, and more — and the employees using them, via integrations with the company’s single sign-on and identity provider (IdP) systems, according to Cacioppo.

It also ranks vendors using a risk rubric that provides better visibility into vendor-based risk. The evaluation combines metrics derived from “business critical” factors, which customers can adjust to their own requirements.

“Vanta provides a default risk rubric out-of-the-box that considers a number of factors like the type of data being processed by the vendor, business criticality, and scope of access to internal systems and other vendors to automatically assign a risk score to each vendor,” Cacioppo said.
This ranking capability is enabled by default in VRM and applies to every vendor as it is onboarded.

Vanta automates VRM with procurement

Beyond having Vanta’s VRM scan, rank, and manage onboarded vendors by default, “customers can also manually upload a list of vendors and users if needed and connect Vanta to their procurement process to automate requesting security reviews from new vendors,” Cacioppo added.

This automation will include transforming the traditionally manual process of answering security questionnaires into an automated library of up-to-date, web-based spreadsheets and forms, with added features such as auto-complete and, via a browser extension, handling of one-off questions.

Additionally, Vanta’s VRM gives insight into duplicative or redundant applications, enabling organizations to make informed decisions about commissioning and decommissioning applications, thereby saving costs, according to Cacioppo.

The automated workflow also streamlines tracking of compliance reports and sets periodic reminders to request updated reports.