An immature vendor risk management process preventing scalability
As AppsFlyer matured from an early-stage startup to a growth- stage organization and market leader, a manual third-party security risk program was no longer feasible for their business. AppsFlyer needed a solution that could accommodate a mature organization and accelerate the process.
Moreover, there were more third-party vendors to assess and integrate. Manually vetting new vendors, managing questionnaires in Excel spreadsheets and performing ad-hoc vendor risk management wasn’t cutting it anymore.
That’s because multiple stakeholders were involved in assessing and vetting new vendors, but the process of sharing documents and spreadsheets between departments was inefficient, cumbersome and left room for mistakes and bottlenecks.
Following the hypergrowth they experienced, AppsFlyer needed a more efficient, streamlined and sophisticated process for their vendor risk management program. The company understood that the antiquated process they were using was not sustainable if they wanted to scale.
Fast, automated third-party security risk evaluation and management platform
AppsFlyer needed a platform that would support their business by automating their existing vendor risk management processes. Stakeholders required a centralized location to store relevant information and assess their vendors. They needed a cloud solution that would allow easy access, by all stakeholders, wherever and whenever needed. Panorays provided all of this and more.
Panorays offers an automated, comprehensive and easy-to-use third-party security platform that manages the whole process from inherent to residual risk, remediation and ongoing monitoring. Unlike other solution providers, Panorays combines automated, dynamic security questionnaires with external attack surface evaluations and business context to provide organizations with a rapid, accurate view of supplier cyber risk.
Esther Pinto, AppsFlyer’s Information Security Team Leader, credits Panorays’ automated, easy-to-use platform, the company’s invaluable Customer Success team and the recent AppsFlyer/Panorays integration for their fully integrated third-party security risk process.
In fact, the process is so seamless that anyone in the organization requiring a vendor security approval can easily make a request without even logging into Panorays’ platform. Users are able to use a simple internal form to facilitate the request through the integration with Panorays. All required information is located in one place, allowing stakeholders to work in parallel, making for a much more efficient assessment process. Lastly, when a vendor is approved in Panorays, a notification is similarly sent directly to AppsFlyer’s existing project management platform, informing the relevant parties.
“Panorays provides us with an extensive amount of information about potential vendors, way beyond what we would be able to find on our own. This enables us to make quick and informed decisions about vendor selection,” said Pinto, referencing Panorays’ proprietary research and comprehensive analysis of more than 1,000 sources.
Like many organizations, AppsFlyer has critical requirements for accepting or rejecting suppliers, such as a valid SOC/ISO 27001 or a critical finding on the external scan, respectively. Panorays’ automated questionnaires facilitate this swift process.
In addition, having all vendor data aggregated in one place gives AppsFlyer full visibility of a vendor’s history. Should a vendor be rejected for any reason, Pinto can refer to that information when deciding to accept or reject that vendor in the future. Having all the data stored in a single location also offers unparalleled transparency throughout the entire process.
With Panorays continuously monitoring and evaluating their suppliers, Pinto is always up-to-date with her vendors’ security posture, thanks to the live alerts about any security changes or breaches to her third parties.
An easy-to-use, automated platform integrated with AppsFlyer enables seamless processes and scalability
“We would never have been able to achieve what we’ve achieved had the process been done manually,” explained Pinto. “Having this process automated, as well as having a single, centralized place to manage the entire process, has allowed AppsFlyer to scale. Panorays is more accurate, more organized and more comfortable to work with than our former manual processes. You don’t want to struggle at work.”
With approximately 250 current vendors and about 15–20 being evaluated on a monthly basis, Panorays’ platform enables Pinto to quickly and easily access information on vendors being evaluated, as well as current vendors.
“People only look at how much money they spend, but are not considering how much money is being saved. Time is money. And working with Panorays is making everything in this process shorter and saving me lots of time,” she said.
Pinto believes that an automated all-in-one third-party security risk management solution like Panorays should be the standard for every company, in every sector. She is a firm believer in fully automated processes that pretty much run themselves. Pinto has leveraged the power of Panorays to create something even greater for her team at AppsFlyer and maintains that the Panorays platform is the wave of the future in information security.