AWS Marketplace’s ‘Incredible’ New Vendor Insights Tool: 5 Keys

‘It’s going to simplify our channel partners role because now they won’t have to play that middle person between the ISV and customer,’ says AWS’ Chris Grusz, regarding the new AWS Marketplace Vendor Insights solution.

5 Big Features Of The New AWS Marketplace Vendor Insights

As more businesses buy their IT via the AWS Marketplace, the public cloud kingpin is making it quicker and easier than ever to procure independent software vendors (ISVs) and partner solutions through the Marketplace with its new Vendor Insights tool.

Unveiled at AWS re:Inforce today, the new AWS Marketplace Vendor Insights simplifies third-party software risk assessments by compiling security and compliance information in a single unified dashboard, cutting down the buying process by weeks and even months.

Chris Grusz, general manager of worldwide ISV Alliances and Marketplace, said the new solution will fix the software procurement “bottleneck” process which occurs when selecting a technology solution.

“So once the technology was selected, you go through the legal review, but then a lot of times an ISV would get a 200-question packet from a customer saying, ‘OK, you need to answer all these questions before we buy. Where are you at with PCI? What’s your GDPR status?’ Who’s on your board?’ All these kind of technical questions and certification questions about the technology that was being brought in,” said Grusz.

[Related: AWS re:Inforce Keynote: 7 Big Security, Ukraine, Ransomware Remarks]

“And just as soon as the ISV would finish one of those questionnaires, they would win another customer and get another packet and have to go through another 200 questions,” Grusz told CRN. “So it’s kind of a Groundhog Day event where our customers were passing these packets to our ISVs, and this was adding multiple weeks or even months to process the software procurement experience.”

AWS built the AWS Marketplace Vendor Insights tool to streamline vendor assessments which is what customers were asking for.

AWS Marketplace Vendor Insights Partner Benefit

The unified web-based dashboard gives governance, risk, and compliance teams access to security and compliance information, such as data privacy and residency, application security, and access control.

Vendor Insights also provides evidence backed by AWS Config and AWS Audit Manager assessments, external audit reports, and software vendor self-assessments. It helps buyers reduce assessment lead time to a few hours by allowing buyers to access the vendor’s validated security profile and removes the need for periodic reassessments.

Channel partners will also benefit greatly from new dashboard.

“As a channel partner selling one of these products, they’re now enabled through Vendor Insights to be able to get their deals done dramatically faster,” said Grusz. “Because oftentimes they had to play kind of the broker between the customer and the ISV to gather this information back and they became a middleman. … It’s going to simplify our channel partners role because now they won’t have to play that middle person between the ISV and customer.”

In an interview with CRN, AWS’ Grusz explains five key features of the AWS Marketplace Vendor Insights that channel partners, ISVs and customers need to know.

‘A Big Time Saver’: All Publicly Available Data In One Spot

The first piece is the ability to collect publicly available information on certifications.

A lot of these certifications are available on a public domain basis. You just have to know where to get them. You can figure out if an ISV has gone through FedRAMP if you go to the FedRAMP website. Now the problem is you need to know how to navigate that.

Then you can go to PCI and you can find out who’s PCI compliant, but you have to navigate their website. Then you can go to a whole bunch of these other sites that have these certifications, but you have to continuously navigate these sites.

So with Vendor Insights, we’re going to pull in all of that information on a real time basis.

So when you go to the AWS Marketplace’s seller page for a particular ISV—anything that’s available on a publicly available process will be displayed directly on their Marketplace listing page.

So our customers will have one place that they can go look to see all of these public certifications.

It’s a great way for our customers to get an initial read on: what is the security profile of this particular ISV. So we think that’s going to be a big time saver because now our customers won’t have to navigate dozens of websites to go find that.

150 Security Credentials Visible

There’s a number of security controls that ISVs can configure with AWS. Those security controls are not actually displayed to customers. So what we’re going to be doing is using some of our own AWS services to continuously look at the security controls of our ISVs.

Once you look at an ISV, it will actually show the certification of those ISVs: do they have SSL enabled? Have they encrypted all the S3 buckets? And all of these types of credentials.

There’s 150 of them in total that we’re going to be checking for.

So now our customers are going to be able to look at a SaaS ISV that’s built on top of AWS, and be able to see the status of these different security options that our ISVs can set up for their products.

It’s going to be continuously scanning those ISV solutions as well. So if they turn off something like encryption on an S3 bucket, that would then show up in that very same report.

So we feel that this combined with the public available information, alongside things that we’re going to be continuously scanning for these SaaS ISVs that are built on top of AWS. Because they’re built on top of AWS, we’re in a unique position to actually consolidate that view, and provide that to new buyers.

‘Available On A Real-Time Basis’

All of this ISV data and certifications will be available on a real time basis.

So if a someone suddenly loses their FedRAMP status, for example, then that tile will be removed off of our website.

That was one of the pieces of feedback that we got was that: you do these questionnaires, but it was a point in time exercise.

So how do you kind of check on an ongoing basis that they still maintain those credentials.

This is going allow our customers just to look at the seller pages within Marketplace to actually see all of those credentials in one place. So again, just really simplifying that vendor assessment piece.

Key Benefits For Channel Partners

From a channel perspective, this adds a lot of value because we’ve obviously added the ability for our channel partners to resell all these technologies through Marketplace.

As a channel partner selling one of these products, they’re now enabled through Vendor Insights to be able to get their deals done dramatically faster. Because oftentimes they had to play kind of the broker between the customer and the ISV to gather this information back and they became a middleman.

Instead, what you’re going to be able to do is say, ‘Hey, go look at the Vendor Insights profile through Marketplace. That’s going to answer 90 percent of what you have, and then I’ll go find that remaining 10 percent for you.’

So our channel partners are also going to see acceleration on their subscriptions when they go through Marketplace. This is really an incredible tool which is why we’re excited about this.

We think this is going to be a great value add for our buyers because it’s going to simplify their experience buying, especially when it goes to Marketplace.

It’s going to simplify our channel partners role, because now they won’t have to play that middle person between the ISV and customer for a large majority of questions that are basic questions that they probably don’t want to get involved with.

Instead, they can steer them towards Marketplace to address those questions. They will get their deals done dramatically faster.

Vendor Insights Looks At The ‘SaaS Application Inside Out’

This is unique in that it’s actually looking at the SaaS application from the inside out.

A lot of times, an MSP or an system integrator (SI) will provide almost like a penetration test report, where they’ve looked at the SaaS application from the outside saying, ‘OK, we’ve tested all the fields. And we know that they’re encrypted,’ but it’s from an outside-in.

This is going to provide an inside-out view of those SaaS ISVs. So that’s going to be a value-add for these MSPs and Sis who are providing services around these technologies.

Then because a lot of times MSPs and SI’s don’t really care about the reseller technology, they care more about the professional services element—they will still be able to sell the professional services through Marketplace and put that directly on the Marketplace bill.

It’s going to accelerate our ISV and AWS channel partner sales.