Kevin Qiu
Director of Enablement and Trust

In 2021, the cybersecurity industry was rocked by 2 major security vulnerabilities discovered in Kaseya’s IT management software and Apache’s popular Log4j logging utility. In both cases, security teams around the world scrambled to apply fixes and to conduct internal investigations to determine if they had suffered any data breaches. What makes major data breaches in the modern SaaS-heavy cybersecurity world even more complex is that security teams at companies that don’t use these tools still have to react because their other vendors may have been affected.

Man on computer in modern office - SafeBase
Many IT and security teams worked through the 2021 holiday season due to Log4j.

When major headline-grabbing incidents such as Log4j happen, cybersecurity teams quickly become bombarded with emails from their customers inquiring about their response. This is because historically, it has been difficult to understand what a vendor’s software stack looked like. As a result, security teams email all of their vendors as a precaution to ensure that these industry wide breaches don’t affect them as well. In many cases, these security teams don’t just limit their inquiries to a simple “Were you affected?” email and instead require vendors to complete entire breach related questionnaires. This in turn can require a significant amount of time from already understaffed security teams.

As cybersecurity practitioners ourselves, we’ve experienced this pain point countless times. That’s why we’re happy to announce that the SafeBase Trust Center now has a new feature that makes it incredibly easy to communicate responses to security incidents to customers and prospects: Trust Center Updates.

SafeBase Trust Center Updates Screenshot - SafeBase
SafeBase published an advisory regarding Log4j using our own Trust Center Updates feature.

Trust Center Updates allow cybersecurity teams to publicly communicate any updates during security incidents, and more importantly, allow customers to determine if their data was affected or not. Security teams no longer have to write custom replies to tens, or hundreds, of customers. Instead, they can proactively direct customers to their newly updated Security Portal with full information on how the vendor is responding to the latest incident. Many SafeBase customers have been able to leverage this to vastly reduce the number of Log4j emails they otherwise would have had to respond to. More importantly, Trust Center Updates do not disappear, and viewers of a Security Portal can view a vendor’s previous responses to past security incidents, further demonstrating that the vendor does indeed take security seriously.

In addition responding to incidents, Trust Center Updates can be used in a variety of different ways such as:

  • Informing customers of an updated SOC 2 or pentest report
  • Announcing a new bug bounty program
  • Rolling out product security features such as SAML support

More importantly, customers and prospects can Subscribe to these updates and receive notifications whenever their vendor has something noteworthy to share regarding security. In many cases, buyers are often left waiting on a vendor to implement a new feature such as MFA support before they are cleared to be used internally. In addition, external security audits are usually required to be done on an annual basis, and with that comes swarms of emails from customers requesting updated reports.

We are confident that SafeBase’s Trust Center Updates will help cybersecurity teams everywhere reduce the number of emails flooding their inboxes and allow them to focus on security.

SafeBase is the scalable Trust Center that automates the security review process between buyers and sellers. With a SafeBase Trust Center, companies can seamlessly share sensitive security documentation with buyers and customers, including streamlining the NDA signing process by integrating with your CRM and your data warehouse. 

If you’re ready to take back the time your team spends on security questionnaires, create a better buying experience, and position security as the revenue-driver it is, get in touch with us.