Published in Work-Bench

Announcing Our Investment In VISO Trust

Automating Vendor Security Due Diligence

We’re excited to announce that we led a $3M seed round in VISO Trust, with participation from Sierra Ventures and Lytical Ventures.

VISO Trust fixes the broken and time-intensive process of third-party risk management with a platform that optimizes the speed, accuracy, and scalability of vendor due diligence. Their third-party lifecycle management solution, created by security professionals, meets customers and vendors where they are.

The Problem

It’s no secret that vendor relationships are crucial to successful enterprise operations. Vendor relationships are growing at a rapid pace that was only expedited by the pandemic and new digital demands. Executives from our corporate network have shared with us that they have anywhere from 700 to 10,000+ vendors involved in their operations at a given time. Along with that, the usage of SaaS is also growing. A recent Okta study found that on average their customers deploy 88 apps, with their larger customers deploying an average of 175 apps.

To support this growth, security teams are tasked with the Herculean effort of onboarding third party solutions quicker than ever, while adequately evaluating their security posture to minimize breach risk and satisfy financial partners and regulators. In a recent Deloitte survey, 84% of respondents said their organization had experienced a third party incident in the last three years.

However, third party risk management is often hampered by:

  • Hours of manual work. The vendor due diligence process is time-intensive and involves back-and-forth review and verification of 300+ question security surveys per vendor.
  • No definitive standard. Questionnaires are often custom per organization, although there are frameworks like Vendor Security Alliance, NIST, ISO, and others. This means security teams design what’s best for their own companies and place the burden on vendors to navigate their way through each questionnaire. This inefficiency adds to the delay and frustration on both ends.
  • Lack of insights. The takeaways from these questionnaires often don’t move the needle in understanding the holistic risk of vendors. Third parties can range in their criticality and impact to the business based on the inherent risk of a process, but typical questionnaires don’t adapt to risk context, and as a result all vendors tend to get put through the same gauntlet.
  • Current solutions don’t scale. Security ratings can provide useful data, but don’t tell a full or accurate story, and cyber audit firms are way too expensive to cover anything more than a fraction of partners. While Governance, Risk, and Compliance (GRC) and privacy related firms have added modules, they are seen as “digital” equivalents of a questionnaire that still require manual effort.

The Product

VISO Trust delivers a platform that allows security teams to onboard, review, and manage the lifecycle of any number of third parties.

At its core, the solution provides:

  • Low friction. VISO Trust is easy to deploy for drop-in due diligence. Third parties can fulfill assessment requests in minutes and leverage source documents and audit reports to accelerate the process.
  • Flexibility. Practitioners use different security questionnaires and standards based on their environment. Document Intelligence and customizable controls and risk models help extract relevant insights from responses that map to areas of risk that the security team cares about.
  • Automation. VISO Trust automates as much as possible to save vendor and reviewer time, so that more time is available for making informed risk decisions. This automation extends beyond onboarding to continuously managing the entire vendor lifecycle.

As a happy customer put it, “VISO Trust has enabled us to bring the security staff time per relationship down from more than 8 hours to only 30 minutes — for us that’s gold.”

The Team

The VISO Trust team saw this problem firsthand as practitioners and knew there was a better way to manage third party risk. As former security leaders at LendingClub, Restoration Hardware, and ASAPP, co-founders Paul and Russ lived on each side of this problem, previously managing thousands of third parties at highly regulated technology companies and spending years building security programs and software to support technology products in use by the Fortune 1000.

We’re excited to see them already delighting customers with their fresh and pragmatic take on the vendor security process. Congratulations to the VISO Trust team!

You can check out more coverage in VentureBeat.

Work-Bench is an enterprise technology VC fund in NYC. We support early go-to-market enterprise startups with community, workspace, and corporate engagement. Sign up to get our digest of top content & industry news weekly: work-bench.com/enterprise-weekly

Kelley Mak

@kelleymak
