Finally, a Subscription for Security Folks

Kevin Qiu
September 29, 2021

We live in a world of subscriptions

In the age of cloud computing and rapidly growing SaaS companies, users everywhere are constantly bombarded with information from products they sign up for and use. Whether it's status pages about uptime, product release notes, or blog posts about relevant industry topics, users on the modern web can subscribe to a variety of communication channels to keep up with the products they use every day.

SaaS vendors love when users subscribe to their status pages and newsletters because:

  • Sites go down. Status pages with subscribe options allow users to follow updates as fixes are deployed.
  • Users don't login to every SaaS app every day. Product release notes encourage passive users to try out new features and to reengage.
  • A consistent set of blog posts with insightful content keeps the vendor's brand top-of-mind with their customers.
We send product updates to our customers via emails on a regular basis.

Where's the unsubscribe link?

However, as great as blogs and newsletters may be to power users of a SaaS app, not everyone feels the same way. It's important to realize that the security team reviewing these tools aren't usually the target audience for this content. Speaking from personal experience, many IT and security folks are admins for these tools, and are automatically subscribed to corresponding product newsletters during the onboarding process. Being fairly busy folks, you can bet that they hit that unsubscribe button as soon as the first automated drip campaign email comes through to their inbox.

This presents a problem. These emails might seem spammy to many IT folks, but they oftentimes contain important updates such as when a vendor completes a SOC 2 audit for the first time, or will stop supporting old cryptographic algorithms in the near future.

Introducing....vendor emails that security teams will love

What if there was a way to keep security teams up to date, without requiring them to be bombarded with product release notes and blog post notifications?

In our never ending mission to help security and sales teams save time, we've decided to build this! With our new Subscribe feature, SafeBase customers can now send a plethora of security specific updates on an opt-in basis to security, IT, and legal teams.

Send subscribers a notification when a new SOC 2 report or pen test report is available to view

Compliance is a significant part of any successful security program. Most SaaS companies choose to conduct either a SOC 2 or ISO 27001 audit annually as a way to build and maintain trust with prospects and customers. As an additional requirement, they also usually have one or more pen tests done by an external specialist firm to ensure that their apps are free from major security vulnerabilities.

On the flip side, buyers also typically conduct annual reviews of their vendors, and often ask customer success or sales teams for these compliance and pen test reports. As you can imagine, this leads to long email chains with multiple parties getting CC'd, and out-of-date documents being sent. With the SafeBase Subscribe feature, existing customers can quickly get a single email when their vendor uploads a new pen test report or becomes compliant with upcoming standards like CMMC and CPRA.

Easily send security updates to interested customers and prospects with Subscribe.
Finally convert that on-the-fence customer with new product security updates

Speaking of SOC 2 reports, many startups often fail the security due diligence process from larger enterprises due to a lack of external security auditing. In many cases, the buyers at these companies really like the product, but are blocked by their security teams until a compliance or pen test report is ready to be reviewed. In other cases, IT teams refuse to deploy new SaaS products in their environments until features like multi-factor authentication or SAML support are added.

With the SafeBase Subscribe feature, sales teams can quickly reignite previous conversations with buyers who otherwise would have already been power users. Folks in the "I'd love to use this product, but my security team requires Yubikey support" camp can simply subscribe and be the first to know when their company's IT and security requirements have finally been met.

Save yourself from a barrage of emails when the next SolarWinds happens

If you're reading this post, then you're probably already familiar with the SolarWinds and Kaseya breaches of the past year. You might have also had to respond to tens, if not hundreds, of long emails from your customers asking if their data was affected as a result. I know for a fact that it probably wasn't fun because we went through the same ordeal even though we've never used either product!

We all love getting tons of emails, right?

With SafeBase's Subscribe feature, you can now proactively inform your customers and prospects of any vendor related security updates when the next major breach inevitably happens. You can send out notifications stating that you aren't a customer, or provide real time updates to your incident response in the unfortunate event that you are actually affected. Either way, this will save your inbox from many, many emails from concerned security teams.

Did any of the content in this post hit close to home? Well, what are you waiting for? Sign up for SafeBase today to check out our shiny new subscription feature!

Like talking to humans? Schedule a demo with our team here.

Discover SafeBase

Learn how SafeBase has helped companies speed through security assessments and expedite deals.