In today’s interconnected world, we rely heavily on services provided by other companies in order to offer high quality products to our customers. This is even more pronounced in the cloud. Every company is responsible for carefully evaluating the vendors that it entrusts, and today must do its own evaluation to ensure those vendors have sound security practices in place. Evaluating a vendor is often a slow and painful process, involving a lot of back and forth, asking questions, reviewing certificates, and even, in some cases, performing an actual audit. At the end of the day, we all want the same thing – a high level of certainty in the vendors we trust.
At Atlassian, we are committed to establishing and maintaining Trust in our services, and this initiative is an important part of it. We take the vendor selection process very seriously, and we’re excited to share our best practices as a founding member of the Vendor Security Alliance (VSA). The VSA is an independent, not-for-profit entity that evaluates the security and privacy of services provided by vendors. Along with eight other industry cybersecurity experts – Airbnb, Docker, DropBox, GoDaddy, Palantir, Square, Twitter, and Uber – we are standardizing and creating a baseline of acceptable cybersecurity practices.
We believe trust begins with transparency and accountability, and having an independent entity manage this process for all its members will provide an efficient, common, and credible way of evaluating the vendors we all use. Each cloud company will be evaluated, audited, and scored based on a set of common criteria that measures cybersecurity risk, policies, procedures, privacy, vulnerability management, and data security. The focus and scope of vendor evaluations are driven by the members, allowing the VSA to provide maximum value to the community and quickly adapt to the needs of customers. All VSA members will have access to the results of vendor audits that offer assurance in the vendors they entrust.
By having a common, credible way to evaluate vendors, all VSA members are raising the bar on security. Here at Atlassian, we will be able to accelerate our innovation cycle (by reducing the time necessary to onboard a vendor) and increase our confidence in the venders we rely on. To find out more about the VSA or become a member, visit their website. You can also learn more about Atlassian’s best practices by visiting our Trust Center.