In 2021 the security industry was rocked by 2 major security vulnerabilities discovered in Kaseya’s IT management software and Apache’s popular Log4j logging utility. In both cases, security teams around the world scrambled to apply fixes and to conduct internal investigations to determine if they had suffered any data breaches. What makes major data breaches in the modern SaaS heavy security world even more complex is that security teams at companies that don’t use these tools still have to react because their other vendors may have been affected.
When major headline grabbing incidents such as Log4j’s happen, security teams quickly become bombarded with emails from their customers inquiring about their response. This is because historically, it has been difficult to understand what a vendor’s software stack looked like. As a result, security teams email all of their vendors as a precaution to ensure that these industry wide breaches don’t affect them as well. In many cases, these security teams don’t just limit their inquiries to a simple “Were you affected?” email and instead require vendors to complete entire breach related questionnaires. This in turn can require a significant amount of time from already understaffed security teams.
As security practitioners ourselves, we’ve experienced this pain point countless times. That’s why we’re happy to announce that the SafeBase Smart Trust Center now has a new feature that makes it incredibly easy to communicate responses to security incidents to customers and prospects: Trust Center Updates.
Trust Center Updates allow security teams to publicly communicate any updates during security incidents, and more importantly, allow customers to determine if their data was affected or not. Security teams no longer have to write custom replies to tens, or hundreds, of customers. Instead, they can proactively direct customers to their newly updated Security Portal with full information on how the vendor is responding to the latest incident. Many SafeBase customers have been able to leverage this to vastly reduce the number of Log4j emails they otherwise would have had to respond to. More importantly, Trust Center Updates do not disappear, and viewers of a Security Portal can view a vendor’s previous responses to past security incidents, further demonstrating that the vendor does indeed take security seriously.
In addition responding to incidents, Trust Center Updates can be used in a variety of different ways such as:
- Informing customers of an updated SOC 2 or pentest report
- Announcing a new bug bounty program
- Rolling out product security features such as SAML support
More importantly, customers and prospects can Subscribe to these updates and receive notifications whenever their vendor has something noteworthy to share regarding security. In many cases, buyers are often left waiting on a vendor to implement a new feature such as MFA support before they are cleared to be used internally. In addition, external security audits are usually required to be done on an annual basis, and with that comes swarms of emails from customers requesting updated reports.
We are confident that SafeBase’s Trust Center Updates will help security teams everywhere reduce the number of emails flooding their inboxes and allow them to focus on security.
Interested in leveraging a SafeBase Security Portal to communicate updates for the next Log4j? Sign up for your own SafeBase Smart Trust Center at https://safebase.io