Okta, Airbnb, Zendesk, Asana and Snap join Whistic in forming cybersecurity consortium | ZDNet

Several tech firms have partnered with Whistic to create a consortium focused on sharing cybersecurity information with customers. 

Whistic — which created a network for assessing, publishing and sharing vendor security information — will work with tech companies like Okta, Airbnb, Zendesk, Asana, Atlassian, Snap, Notion, TripActions and G2 on The Security First Initiative.

The initiative seeks to combat third-party data breaches by using Whistic Profiles as a standard for assessing and sharing cybersecurity details. A Whistic spokesperson noted that more than half of the Fortune 500 use the Whistic Vendor Security Network. 

“Just like Asana believes collaboration and transparency between internal teams are mission-critical, we also believe it’s mission-critical to establish transparent and trusted relationships with our customers and third-party vendors,” said Sean Cassidy, head of security at Asana. 

“That’s why we’re excited to join with so many leading companies and see the industry collectively embrace the Security First Initiative.”

Some now use Whistic Profiles in place of the typical questionnaires used for vendor assessment requirements. Gen Buckley, senior manager of customer assurance at Okta, said the Security First Initiative and the recently released MVSP security baseline both “demonstrate the importance of working together to improve security for all our mutual customers.”

Also: FBI warns of online scammers impersonating government officials, law enforcement

The initiative will see the companies share their security information proactively with their customers using a Whistic Profile. 

Whistic CEO Nick Sorensen said the future of vendor security must be built on a foundation of collaboration and added that the “dual-sided, network approach to vendor security is the only way to meet the needs of both buyers and sellers in the ecosystem.”

“It’s also the most efficient way to make transparency the expectation in vendor security, and when that happens, everybody wins,” Sorensen said. 

A Whistic spokesperson told ZDNet that most companies now require a security or privacy assessment yet wait until the end of the purchasing process to evaluate the security of the vendor they are purchasing from. Some vendors may also take weeks or months to satisfy those requests fully.

“This results in elongated sales cycles and a growing friction between vendors and their customers. Whistic and the founding members of the initiative spoke about the need for the industry to flip this entire process and lead with security first, as opposed to at the end of the process,” the spokesperson said. 

“At the heart of this is a more transparent, proactive approach to sharing security information than has existed historically. The traditional approach has been very black-box, with both parties not communicating well and approaching it in an almost adversarial manner as opposed to treating it like the partnership that it is. We are collectively excited for more companies to approach vendor security in a more collaborative and transparent manner moving forward.”

G2 CEO Godard Abel added that their 2021 Buyer Behavior Report found that security is now the number consideration for buyers in the purchasing process.