Easy implementation, and a scalable vendor onboarding process helps this financial services company start their third-party risk program
Spaceship helps their customers invest where the world is going. UpGuard gave them visibility into their external security posture, and streamline vendor management.
Vendors and partners monitored daily
Hours saved per new vendor onboarding
Vendor risks automatically discovered, and prioritized for remediation
Spaceship is a financial services company, on a mission to help young people save and invest for their future.
Help Spaceship get their third-party risk program started, without bogging them down in complexity, cost and jargon.
UpGuard Vendor Risk for Vendor Risk Management and Security Ratings
Spaceship is on a mission to help young Australian people build wealth. Their first product, a Superannuation (retirement savings) fund, leverages modern technology to give customers control over their finances. Whereas people once tended to settle into one career for life, it is now common to switch jobs many times, resulting in multiple Superannuation accounts to manage. Spaceship solves the problem of saving money in a world where life changes quickly.
Spaceship depends on third parties for both technology and financial services, all of which must be secure and reliable to deliver a quality financial future. As a startup, they must allocate resources wisely, constraining what can be dedicated to vendor assessment in terms of time and money. Furthermore, as a company that prides itself on investing in the future, Spaceship needs a solution that reflects the forward thinking that drives their own success.
To gain visibility into the risks of their digital surfaces and those of their vendors and partners, Spaceship turned to UpGuard Vendor Risk for continuous risk monitoring, security ratings, and automated assessments. The risk monitoring capabilities assured them that their own internet-facing properties were securely configured, and gave them the technical information to guide their vendors toward best practices. Security ratings enabled the team to prioritize the third parties most in need of a closer look, and the questionnaire assessments closed the loop with detailed responses on internal controls needed to safely do business.
UpGuard’s Cyber Security Ratings help us understand which of our vendors are most likely to be breached so we can take immediate action.
UpGuard Vendor Risk is a cloud-hosted solution, so there was no software deployment needed to get started. The Spaceship team was able to invite their whole team in minutes. Next, they imported a list of their vendors. Because UpGuard monitors every business with a digital footprint, the detailed results and risk scores were available immediately. The team even started “following” vendors that they were not yet using in order to proactively measure their risk.
Securing Spaceship’s own assets– and implementing ongoing monitoring to prevent any regressions– was a simple step to decreasing their risk of a data breach. After entering their own primary domain, the UpGuard cloudscanner returned a list of websites and assets associated with Spaceship. To complete their risk profile, Spaceship added their API endpoints to ensure new development would not introduce configuration risks.
Prior to using UpGuard, onboarding vendors was an ad hoc process, as it often is even at much larger organizations. Administering assessment questionnaires presented too much of a time sink to be worth the benefit. With UpGuard’s automated questionnaires they could build that into the vendor onboarding process with virtually no additional effort. High risk issues were automatically flagged for review.
The initial estimate of instituting such a vendor risk management program was adding a full time employee; with UpGuard automating much of the work, an existing Spaceship employee was able to add it her onboarding process without issue.
Join hundreds of companies like yours using UpGuard to manage their cyber risk, secure their data and automate their security compliance.