Back to all articles
Leveraging AWS Vendor Insights
24February
2023

AWS Marketplace has delivered a new innovation called Vendor Insights that optimizes the procurement process between sellers and buyers. It works by collecting the answers to common questions from buyers about the seller’s security and compliance competency, including industry certifications, and bundling them into a Vendor Insights profile, which is available to buyers via AWS Marketplace. This optimizes procurement on AWS Marketplace by reducing the time, effort and money for both sellers and buyers.

Speak to us today about building your AWS Vendor Insights profile.
AWS VENDOR INSIGHTS BENEFITS FOR SELLERS AND BUYERS.

Before the rise of AWS Marketplace, the procurement process for software could take many months, require multiple staff at both buyer and seller, with a high cost incurred. The costs weren’t just labor costs: there is also an opportunity cost (of taking a long time to buy and get started) as well as the productivity cost of having staff focus on procurement instead of solving problems with the software.

Tweet this: “Labra, opportunity and productivity costs are larger if an ISV doesn’t make an AWS Vendor Insights profile available to buyers.”

Chris Grusz, general manager of worldwide ISV Alliances and Marketplace, explains the process in detail.

  • “Once the technology was selected, you go through the legal review, but then a lot of times the (selling) ISV would get a 200-question packet from a customer saying, ‘OK, you need to answer all these questions before we buy. Where are you at with PCI? What’s your GDPR status?’ Who’s on your board?”
  • “And just as soon as the ISV would finish one of those questionnaires, they would win another customer and get another packet and have to go through another 200 questions,” Grusz told CRN. “So it’s kind of a Groundhog Day event where our customers were passing these packets to our ISVs, and this was adding multiple weeks or even months to process the software procurement experience.”

An ISV can build a simple business case for building their AWS Vendor Insights profile with these five benefits:

AWS Vendor Insights is a recent (end of 2022) innovation, so there are just fifty products with profiles out of over 24,000 on the marketplace.

Tweet this: ISVs that are early adopters of Vendor Insights profile have a competitive procurement advantage over those that don’t.

Total products available on AWS Marketplace Products with a Vendor Insights profile
24,011
Product AWS Marketplace
50
Product Vendor Insights
BENEFIT 1: TIME SAVED WITH PUBLICLY AVAILABLE DATA IN ONE BUNDLE

The prospective buyer can request access to the buyer’s Vendor Insights profile via AWS Marketplace. The buyer approves the request to access the profile which brings the prospect into the sales pipeline.

This reduces desk research, meetings, emails and documents between buyer and seller, giving the biggest time, effort and cost savings.

BENEFIT 2: DETAILED WITH 150 CREDENTIALS AVAILABLE

The larger the enterprise buyer, then, usually the more questions they have and credentials they expect from the ISV and their product.

AWS Vendor Insights will grow the scope over time, starting with security and compliance as these are the most common requests.

BENEFIT 3: AVAILABLE IMMEDIATELY

No need to take months to get answers. Once the buyer requests access to the profile and the buyer approves it, then all of the data is immediately available.

It’s also “real time” and up-to-date, avoiding the stale information in dusty out-of-date procurement documents.

BENEFIT 4: CHANNEL PARTNER OPTIMIZATIONS

Many ISVs sell with partners, and many buyers buy with trusted, local partners. These partners are often “brokers” who help get the data together and make sense of it all.

Channel partners can access Vendor Insights profiles, even for deals that won’t be fulfilled via AWS Marketplace (but the ISV product must be on the marketplace).

BENEFIT 5: INTERNAL PERSPECTIVE OF THE ISV

The Vendor Insights profile “shines a light” on what happens behind the scenes of the ISV and their product, beyond the public website information.

For example, while an ISV website may have a SOC2 badge on their website, they won’t share the details inside that certification. But that information is available in a Vendor Insights profile.

WHAT AN AWS VENDOR INSIGHTS PROFILE LOOKS LIKE

There are three sources of information that are bundled into an AWS Vendor Insights profile:

  • Seller self-attestation – A CloudFormation template sets up an AWS Marketplace Vendor Insights self-assessment in AWS Audit Manager. ISVs can complete this assessment to provide information for multiple control categories. They can upload supporting documents for each control using AWS Audit Manager.
  • Industry standard audit reports (for example, International Organization for Standardization ISO 27001)
  • AWS Audit Manager, which automates evidence collection from the seller’s production environment.

The dashboard takes data from the seller’s self-assessment, evidence from audit reports, and live evidence from AWS accounts. This data feeds into the security controls and then to the dashboard for buyers to review. Live evidence is the method of consistently updating data from multiple sources to present the most current information.

AWS Config is enabled in the seller’s environment. Data about configurations, backups enabled, and other information are updated automatically. For example, if the Access Control for a product is Compliant and an Amazon S3 bucket becomes public. The dashboard would display that the control’s status changed from Compliant to Undetermined.

WHAT SECURITY CONTROLS ARE INSIDE AN AWS VENDOR INSIGHTS PROFILE?

The 10 security categories used to define data are as follows:

  • Access management
  • Application security
  • Audit, compliance, and security policy
  • Business resiliency
  • Data security and privacy
  • End user device and mobile security
  • Human resources
  • Infrastructure security
  • Risk management and incident response
  • Security and configuration policy
HOW SELLERS CAN VIEW THEIR AWS VENDOR INSIGHTS PROFILE AS BUYERS VIEW IT.

Always check how your profile looks to buyers through the AWS Management Console:

  1. Sign in to the AWS Management Console.
  2. Go to the SaaS Product page in the portal.
  3. Choose the product with an associated security profile.
  4. Select the Vendor Insights tab, then choose View Latest Released Snapshot.
  5. On the Overview tab, all the certificate badges you uploaded are displayed.
  6. Select the Security and Compliance tab, and you can view data gathered from multiple controls. Choose each control set to view more details.
HOW BUYERS ACCESS AN AWS VENDOR INSIGHTS PROFILE

Buyers need to access AWS Management Console to see the seller’s Vendor Insights profile, but how do they get there?

First, buyers can filter AWS Marketplace products by Vendor Insights and specific certificates:

Vendor Insights

Labra has a profile for its OppSync product: we can see it’s marked with “Vendor Insights”.

Labra Vendor Insights

Clicking on the product and going to the Labra product page, there’s a badge and link to access the profile:

SOC Product Vendor Insights

Clicking on the link “View all profiles for this product” will open the AWS Management Console from where the request to view can be made.

HOW TO BUILD AN AWS VENDOR INSIGHTS PROFILE.

There are five high-level steps for the ISV to complete to build a public AWS Vendor Insights profile:

  1. Understanding the AWS resources required.
  2. Deploy your stack with CloudFormation.
  3. Share the current SOC2 Type II and ISO 27001 compliance artifacts, such as audit reports.
  4. Contact AWS Marketplace Vendor Insights Support. Using the Submit a support request form, enter information indicating that you’ve completed the Vendor Insights onboarding deployment and uploaded your compliance artifacts.
  5. The Vendor Insights team will contact you with instructions for completing the self-assessment.
BUILD YOUR AWS VENDOR INSIGHTS PROFILE FASTER WITH LABRA

Building an AWS Vendor Insights profile is a mix of skills:

  • AWS technical skills (AWS CloudFormation and associated services)
  • Product and company self-assessment
  • Security and compliance understanding

ISVs can get help from Labra, who have built AWS Vendor Insights profiles and have a service to help other ISVs achieve the same.

Getting help from Labra will help the ISV get it right, first time, and for less time, effort and money than it would take to do it by themselves.

The Labra experts in building AWS Vendor Insights profiles will:

  1. Share the project plan to build the profile.
  2. Provide technical expertise to configure the AWS resources using CloudFormation.
  3. Help make sure the correct security and compliance controls and reports are updated.
  4. Help complete the self-assessment.
  5. Help get approval faster, first time, from AWS Marketplace Support.
SUMMARY

AWS Vendor Insights profiles are a brilliant optimization for enterprise procurement. It takes the time, effort and money out of a standard procurement process for the benefit of sellers and buyers. It also increases the quality of information available in the profile because it’s “real-time” and links to live-deployed security controls by the seller ISV. However, it’s quite an undertaking and getting help from Labra will make it faster, easier and cheaper to get there right, first time.

Speak to us today about building your AWS Vendor Insights profile.

Speak to us today about building your AWS Vendor Insights profile.

Related Posts