Security compliance startup Vanta Inc. today announced the launch of a new solution designed to enable organizations to accelerate, automate and simplify third-party vendor security reviews and due diligence.

Called Vanta Vendor Risk Management, the service features vendor auto-discovery and continuous vendor assessment and remediation workflows. The solution is said to reduce significantly the time and costs for security experts to review, manage and report on third-party vendor risk.

Vanta is pitching the service as being able to address the problem of application proliferation as organizations grapple with uncovering and securing hundreds of information technology apps being used by employees every day. Shadow IT is said to account for more than half the software-as-a-service applications in a company’s portfolio, causing security and IT teams to fight a never-ending battle of app overload. Added to the mix are the risks introduced by third-party vendors targeted by hackers, with the period to discover and contain a data breach now averaging 280 days. That’s where Vanta VRM steps in.

“Between never-ending app sprawl and an increasing number of access points, organizations are only as secure as their weakest link,” Chief Executive Christina Cacioppo said ahead of the announcement. “With Vanta’s VRM solution, security teams can significantly reduce vendor risk by quickly inventorying vendors, performing security reviews, and remediating issues — all in the same platform they use for security and compliance today.”

Key features of VRM include a single platform for risk management, enabling the whole vendor management process, from discovery to reviews to remediation, in one place. With a single panel, the company says, VRM reduces review time from days and weeks to mere hours, with cost savings of over 90%.

The platform automatically discovers all vendors being used by employees, prioritizes vendor reviews based on risk levels assigned by a customizable risk rubric, simplifies requesting security reviews via integrations with procurement systems, streamlines vendor security assessments with automated workflows, and optimizes vendor spending by identifying vendor redundancies and reduces license costs by revoking employees that don’t need access.

Vanta was in the news in January when it announced that it was acquiring security review startup Trustpage for an undisclosed price. Although Vanta has not linked today’s release to that acquisition, Trustpage offered managed security reviews and offered some of the same features now seen in Vanta VRM.

Image: Vanta