Today Pleasant Grove, UT-based Whistic, along with founding tech companies—Okta, Airbnb, Zendesk, Asana, Atlassian, Snap, Notion, TripActions, and G2—announce the formation of the Security First Initiative. This coalition pledges "to put security first by proactively sharing security information with customers using a Whistic Profile," say the initiative's founders. They point to increasingly frequent and highly damaging third-party security breaches and ransomware attacks which affect companies and government agencies alike, including the Department of Defense. These attacks have become increasingly worrisome, according to Whistic and the Security First Initiative founders, because of the popularity of software integrations with SaaS partners which presents security vulnerabilities that companies may not fully understand.
TechBuzz sat down with Whistic's CEO, Nick Sorensen, who sees security concerns in third party Saas relationships as a particularly relevant aspect of Utah's technology ecosystem, which is home to hundreds of SaaS companies. "The software industry has witnessed a 14x growth rate of SaaS companies since 2015," says Sorensen, citing data from a 2021 SaasOps report from BetterCloud. "When your company forms a B2B relationship with a SaaS partner, whether you realize it or not, you are also outsourcing data security to your SaaS partner by giving them API access of your data. If a hacker breaks into that SaaS system, the hacker can often access your data as well."
Sorenson also pointed to a 2021 G2 report on Software Buyer Behavior, that indicates the number one consideration for buyers is now security. The report goes on to say that 83% of companies say they conduct a security/privacy assessment before making a purchase.
Founding members of the Security First initiative have all adopted and recommend the Whistic Profile as the industry standard for assessing, publishing, and sharing security information. Over 40,000 Profiles are available on-demand in the Whistic Vendor Security Network. Having a Whistic Profile increasingly replaces the need for clients to request a questionnaire to satisfy their vendor assessment requirements.
"This increasingly popular vendor security strategy drives increased trust and transparency, while automating the reactive, manual processes used previously," says Sorensen. "The future of vendor security must be built on a foundation of collaboration. We’re excited to unite with a coalition of some of the world’s leading technology companies to create a new expectation where security comes first. This dual-sided, network approach to vendor security is the only way to meet the needs of both buyers and sellers in the ecosystem. It’s also the most efficient way to make transparency the expectation in vendor security, and when that happens, everybody wins.”
To help companies meet this new Security First expectation, Whistic is offering vendors access to a free version of Whistic Profile, which includes the ability for vendors to proactively share their security information with their customers, eliminating the need to repeatedly fill out questionnaires. Whistic has also publishes an annual report about the state of vendor security.