Streamline cloud marketplace procurement with the Labra Trust Center
If you’ve ever been involved in a procurement exercise – as a seller, or as a buyer – then you will have experienced the dreaded “security due diligence”.
If “security due diligence” sends a shudder down your spine, then you’re probably remembering how long it took and how hard it was to get the basic information you needed as a buyer, or how swamped you were responding as a seller.
Even worse, some information you’d like to see, such as live cloud security controls – you couldn’t ever access unless you “pair programmed” with the vendor’s security team.
This historically broken security part of the procurement process takes too much time, needs far too many people, and erodes the very trust it’s supposed to create.
But there is great news for ISVs and consulting partners – s who are using the Labra platform – a modern, self-service platform that displays all security controls, and compliance reports on-demand and in real-time. Say hello to the Labra Trust Center. !
In this post we explain:
Streamline cloud marketplace procurement with the Labra Trust Center
WHAT IS THE LABRA TRUST CENTER?
Labra is the world’s first Distributed Cloud Commerce Management Platform, purpose built to enable and accelerate Build, Market, and Co-sell for cloud partners such as software and consulting partners.
The Labra Trust Center is built on Drata, a compliance and automation platform trusted by leading technology brands..
Labra prospects can use the Labra Trust Center for security due diligence when deciding to purchase Labra for their cloud commerce and marketplace operations.
If you’re an existing Labra customer, you can use the Labra Trust Center for periodic compliance audits.
IMPORTANCE OF THE LABRA TRUST CENTER FOR SECURITY COMPLIANCE.
There are two main reasons that customers use the Trust Center:
Labra prospects | Labra customers |
Procurement due diligence “Are you SOC 2 certified?” “Which cloud security controls are used?” |
Regular compliance audits “Are you still SOC 2 certified?” “Check status of cloud security controls” |
Beyond industry-standard security certifications such as SOC 2, the Labra Trust Center also provides transparency for live cloud security controls that underpin the Labra Platform.
FEATURES OF THE LABRA TRUST CENTER
There are five features available to customers in the Labra Trust Center:
- Access and Non-Disclosure Agreement (NDA)
- Compliance Reports
- Monitored Controls
- Security Reports and Policies
- Sub-processors
ACCESS AND NON-DISCLOSURE AGREEMENT (NDA)
The Labra security team controls which security information is available and who can get access to any reports. The first step is to agree on an NDA:
- Customers must sign an NDA to make the request.
- Once the terms of the NDA are accepted, a request is sent through Trust Center to an administrator to acknowledge the NDA and approve or deny the request.
- Once that request is approved, both the requestor and the admin receive an email with the watermarked NDA and requested files.
The customer can now access the security certifications and controls via the Labra Trust Center page.
COMPLIANCE REPORTS
All reports, certificates, and attestations which are chosen to be shared will appear on the Trust Center page including SOC 2 and more.
MONITORED CONTROLS
With Trust Center, the security controls which are continuously monitored within Drata and their status are displayed.
Once the settings are selected, those controls will automatically show in real-time, without the need to make manual updates.
SECURITY REPORTS AND POLICIES
When the Labra security team completes regular activities such as penetration tests, risk assessments and vulnerability scanning, the results are shared in Security Reports in the Trust Center portal.
In addition to these reports, all of the security policies that set the standards for these activities can be reviewed. “What is your policy on….” are common questions in procurement or compliance audits.
LABRA SECURITY PARTNERS
The Labra platform operates via a shared-responsibility model with cloud partners, such as AWS, who are referred to in the Trust Center as “Subprocessors”.
Security features that are delegated, such as AWS handling all of the physical security for cloud hosting, will appear in the Subprocessor section of the portal.
BENEFITS OF USING LABRA TRUST CENTER
There are three main, measurable benefits to both buyers and sellers when using Labra Trust Center:
HOW TO GET STARTED WITH LABRA TRUST CENTER
It is simple to get started with the Labra Trust Center.
Go to the Labra Trust Center | https://trust.labra.io |
Request access to security reports, policies, and other compliance reports | |
If this is your first request | You will receive an email with an NDA agreement. Complete the agreement and wait for approval from the Labra security team. |
Approved NDA | If approved, you will receive a watermarked NDA approval and you will have access to your report or control. |
Access more policies and reports. | Future requests will be automatically approved for your white-listed domain, as per the NDA agreement. |
CONCLUSION
Access to a vendor’s security reports and profiles is essential during procurement and compliance audits.
- If a buyer can’t understand a seller’s security posture, then they are unlikely to approve a purchase, or they might buy a product that doesn’t meet their security standards
- If a seller can’t prove their security posture to buyers, then their revenue will be negatively impacted.
The old method that takes weeks or months to swap manually created word documents via email is no longer fit for purpose.
Labra Trust Center is a modern way for prospects and customers to get faster and better visibility into Labra’s security posture.