Search the Community

Data is the most fundamental factor that provides businesses a competitive edge in the market. It is a strategic asset that you can leverage to gain insights, identify upcoming profitable trends, and make informed decisions. However, procuring the right data can be challenging. Traditional methods often involve complex negotiations, manual integrations, and compatibility issues. Here’s […]View the full article

AWS Marketplace now gives customers the ability to request product demos and private offers directly from sellers' product listing pages. This helps customers accelerate product evaluations and further reduce their procurement cycle times. View the full article

Today, AWS Marketplace announces the general availability of the tax dashboard for AWS Marketplace Sellers. The tax dashboard can be accessed in the AWS Marketplace Management Portal (AMMP) under the Insights > Finance operations tab. Previously, AWS Marketplace Sellers could only access taxation data through the legacy customer subscriber CSV report, or programmatically by Commerce Analytics Service (CAS). View the full article

Today, AWS Marketplace announces the general availability of the agreements and renewals Amazon QuickSight dashboard for sellers. AWS Marketplace sellers can now access the dashboard under the Insights > Sales operations tab of the AWS Marketplace Management Portal (AMMP). View the full article

AWS Marketplace Vendor Insights is a new capability of AWS Marketplace. It simplifies third-party software risk assessments when procuring solutions from the AWS Marketplace. It helps you to ensure that the third-party software continuously meets your industry standards by compiling security and compliance information, such as data privacy and residency, application security, and access control, in one consolidated dashboard. As a security engineer, you may now complete third-party software risk assessment in a few days instead of months. You can now: Quickly discover products in AWS Marketplace that meet your security and certification standards by searching for and accessing Vendor Insights profiles. Access and download current and validated information, with evidence gathered from the vendors’ security tools and audit reports. Reports are available for download on AWS Artifact third-party reports (now available in preview). Monitor your software’s security posture post-procurement and receive notifications for security and compliance events. As a software vendor, you can now reduce the operational burden of responding to buyer requests for risk assessment information. It gives your customers a self-service access experience. You can now: Build your product’s security profile by uploading your ISO 27001 or SOC2 Type 2 report and completing a software risk assessment with AWS Audit Manager. Store and share your compliance reports such as ISO 27001 and SOC2 Type 2, using AWS Artifact third-party reports (preview). View and approve your buyer requests for viewing security controls and compliance artifacts stored in Vendor Insights. Let’s See It in Action I want to procure a solution on the AWS Marketplace. But before purchasing the product, as a security engineer, I want to review its compliance. I navigate to the AWS Marketplace page of the AWS Management Console. I use the faceted search on the left side to select vendors that are ISO 27001 compliant. I select a product. On the Product Overview page, I select View assessment data on the top right side (not shown on the screenshot). Then, I can see the overview page, which shows the Security certification received and the Expiration date. I select the Security and compliance tab and see that I need to request access to see the detailed security and compliance information. I select the Request access button on the top right side to ask the vendor for access to their compliance documents. On the next page, I fill in the Your information form with my details, and I select Request access. The Next Steps section details what will happen next. The seller will contact me to sign a nondisclosure agreement (NDA). The seller will notify AWS Marketplace when the NDA is signed. Then, I will be granted access to Vendor Insights data. The process can take a few days. For this demo, I switch to a fictional product—Everest—for which I have access to the compliance data. Here is the Security and compliance tab when my request for access is accepted. The Summary section shows how many controls are available. It reports how many have been validated with evidence and how many have been self-reported by the seller. It also shows how many noncompliant controls are reported. I can scroll down the page to see the details for multiple categories: Audit, compliance and security policy, Data security, Access management, Application security, Risk management and incident response, Business resiliency and continuity, End user device security, Infrastructure security, Human resources, and Security and configuration policy. The screenshot does not show all of them. I select the detail for Access control and see the list under Control name. For each of them, I can see the compliance for SOC2 Type 2, ISO 27001, and the Vendor self-assessment. I select the noncompliant one to get the details and the explanation the vendor provided. If needed, I might also use AWS Artifact third-party reports (preview) to download the compliance reports. For Software Vendors As a software vendor, you can create a security profile for your SaaS products on AWS Marketplace and share this profile with your prospective and existing buyers. It helps you to reduce the manual work for engineering and security teams to respond to your customer questionnaires. To create a security profile, you will need to complete a self-assessment using AWS Audit Manager on your marketplace management AWS account, share the current SOC2 Type II and ISO27001 compliance artifacts, if available, and turn on automated assessment using Audit Manager and AWS Config on your production AWS accounts. Our team has created an AWS CloudFormation template to automate the onboarding steps. You can find the technical resources, such as the setup guide and the onboarding templates, on our GitHub repository. Once the profile is created, Vendor Insights will keep your security profile up to date by using automated evidence from Audit Manager and AWS Config. The updates to your profile are sent as notifications. Your security and compliance team can review the updates before they are shared with buyers. With Vendor Insights, you manage access to your product’s security profile by approving the buyer’s subscription requests. When a buyer requests access, Vendor Insights shares their contact information over email to your compliance or deal-desk operations team. They can complete the NDA with the buyer and notify AWS Marketplace to grant the buyer access to your security profile. You can also request AWS Marketplace to revoke the buyer’s subscription on a later day if you don’t want to share your product’s security and compliance posture information with the buyer anymore. The entire process is documented in the AWS Marketplace Vendor Insights seller guide. Pricing and Availability Vendor Insights is now available in all AWS Regions where AWS Marketplace is available. The pricing model is very simple; there is no charge involved for using AWS Marketplace Vendor Insights. For buyers, you can access and download assets during your procurement phase. You lose access to the Vendor Insights profile if you have not purchased the product after 60 days. When you purchase the product, you keep access to the product’s security profile for continuous monitoring of its compliance status. For sellers, AWS Marketplace doesn’t charge to activate and use Vendor Insights. You will incur fees for using Audit Manager and AWS Config. Go and start your risk assessments on the AWS Marketplace today. -- sebView the full article

Now Also a Member of AWS Partner Network Global Startup Program Seattle, WA – Dec. 02, 2020 – Humio, a Gartner Cool Vendor and the only log management platform enabling complete observability for all streaming logs in real time and at scale, self-hosted or in the cloud, today announced that its modern, index-free log management […] The post Humio Streaming Log Management Now Available In Aws Marketplace appeared first on DevOps.com. View the full article