Blog August 5, 2024

SecurityScorecard and AWS Help Make Secure Software Procurement Faster and Easier

by Frankie Berry

Organizations increasingly rely on third parties for business operations, and as a result are working with more digital suppliers than ever. According to Gartner, 60% of organizations work with more than 1,000 third parties and this number will grow.

High-profile vulnerabilities such as Log4Shell are a constant reminder of the risks posed by a breakdown in the software supply chain. This has spurred enterprises to increase the rigor of software risk assessments to ensure supply chain security. Organizations require visibility into the ongoing security posture of their vendors in addition to point-in-time attestations such as SOC2 and ISO certifications.

“If you’re validating evidence off of the SOC report, how long is that evidence good for? Are we looking at something six months old?” said Stephen Nemeth, Sr. Manager, Global Security Risk Management at Aflac. “Point-in-time assessments are nice and necessary, but continual validation of controls is necessary to maintaining a healthy business.”

Combining Amazon Web Services (AWS) and SecurityScorecard can help shorten the procurement process and enable continual monitoring of any organization’s cybersecurity posture over time. AWS Marketplace Vendor Insights enables instant security validation for software procurement, while SecurityScorecard provides ongoing monitoring of cyber risks to ensure a vendor’s security posture is maintained.

Substantially reduce vendor security assessment time from months to hours

AWS Marketplace Vendor Insights helps simplify third-party vendor risk assessments by compiling security and compliance information in a unified dashboard. On-demand access to evidence dramatically accelerates the vendor security assessment process.

Security and compliance controls are gathered with current and trusted information, reducing the need for an extensive discovery period in the IT security assessment process. The information in Vendor Insights is both current and validated using evidence from vendors’ security tools and audit reports. You can continually monitor your software’s security controls post-procurement and receive notifications for security and compliance events.

SecurityScorecard will work with AWS to build a centralized repository to automate and simplify vendor risk assessments. Buyers on the AWS Marketplace will have access to the most current evidence available in SecurityScorecard that is automatically updated using AWS Audit Manager and ISO/SOC-2 reports. This can help to reduce the software risk assessment lead time from months to a few hours.

Gain a complete, continuous view of your vendor ecosystem with automatic vendor detection to scale and automate your third-party risk management workflows

SecurityScorecard has made it possible to rate the cybersecurity posture of over 12 million organizations and counting. The industry’s most expansive data set provides in-depth insights to make faster, smarter business decisions.

SecurityScorecard can instantly visualize your full vendor ecosystem to drive targeted discussion with your supply chain and streamline vendor risk management workflows. The Automatic Vendor Detection (AVD) module enables vendor risk management (VRM) teams to scale their workflows with automatic vendor detection and 4th party risk analysis.

Additionally, you can calculate the combined risk of an organization and its entire digital supply chain with SecurityScorecard’s Supply Chain Risk Score. This takes into account multiple parameters, including infrastructure, paths to an organization, and how much risk each vendor can pose. The Supply Chain Risk Score provides visibility into combined ecosystem risk, enabling you to understand and stay ahead of supply chain threats.

Learn more at AWS re:Inforce July 26-27

During the AWS re:Inforce conference, industry leaders share the latest advances in security, compliance, identity, and privacy. Attendees are encouraged to attend breakout session GRC210, “Vendor Insights streamlines third-party SaaS risk assessments,” which will highlight how shared assessment profiles help make procurement faster and more accurate. The session takes place at 11:00 AM Eastern.

Additionally, demos will be available in AWS Marketplace booth #400.

How to try SecurityScorecard yourself

Try SecurityScorecard for free to experience how easy it is to rate the security posture of any organization quickly and securely.