{"id":1556,"date":"2023-02-03T16:46:00","date_gmt":"2023-02-03T16:46:00","guid":{"rendered":"https:\/\/www.pax8.com\/future-blog\/vendor-defensibility-checklist\/"},"modified":"2023-05-11T19:46:12","modified_gmt":"2023-05-11T19:46:12","slug":"vendor-defensibility-checklist","status":"publish","type":"post","link":"https:\/\/www.pax8.com\/blog\/vendor-defensibility-checklist\/","title":{"rendered":"Your checklist to maximizing vendor defensibility"},"content":{"rendered":"<p>Reduce your risk by choosing your vendors wisely.<\/p>\n<p>Vulnerabilities exist in every technology stack. But as a managed service provider (MSP), you can minimize your clients\u2019 risk by taking these steps and asking your SaaS vendors security questions to ensure they\u2019ve done their due diligence when it comes to cybersecurity\u2014so you can show that you\u2019ve done yours.<\/p>\n<h2>What Is Vendor Defensibility?<\/h2>\n<p>Vendor defensibility refers to SaaS vendors\u2019 ability to adequately secure user privacy and data. SaaS vendors are prime <a href=\"https:\/\/www.pax8.com\/blog\/rackspace-ransomware-attack\/\" target=\"_blank\" rel=\"noopener\">targets<\/a> for bad actors because they store massive quantities of data in the cloud that users can access from multiple devices, exposing numerous vulnerabilities, so it\u2019s critical that MSPs implement security frameworks and due care around the vendors they offer because it\u2019s not a matter of if, but when attacks will occur.<\/p>\n<h2>Why Do I Need a Vendor Defensibility Checklist?<\/h2>\n<p>Technological advancement often happens <em>before<\/em> adequate safety protocols are put in place\u2014think of the growing pains the aerospace and manufacturing industries went through before reaching modern standards, for example. Likewise, cloud-based technology presents a number of security issues, and new and existing vendors alike need to be up to date on the latest security protocols.<\/p>\n<p>As an MSP, you represent a crucial part of your clients\u2019 <a href=\"https:\/\/www.csoonline.com\/article\/3191947\/supply-chain-attacks-show-why-you-should-be-wary-of-third-party-providers.html\" target=\"_blank\" rel=\"noopener\">cybersecurity supply chain<\/a>, as do the vendors whose products you offer. Security breaches through SaaS vendors can be very costly to both you and your clients. Not only do these breaches threaten to expose the sensitive data of anyone using the vendor\u2019s technology, but they can also jeopardize your relationship with your clients\u2014and your credibility.<\/p>\n<h2>No. 1: Check Your Vendor Against Cybersecurity Industry Standards<\/h2>\n<p>First things first: Make sure your vendors possess <a href=\"https:\/\/www.moodysanalytics.com\/articles\/2018\/best-practices-for-saas-security\" target=\"_blank\" rel=\"noopener\">key general compliance measurements<\/a>, such as a SOC 2 report and ISO 27001 certification. SOC 2, or Service Organizational Control 2, is a third-party audit that ensures organizations manage customer data based on five principles set forth by the <a href=\"https:\/\/us.aicpa.org\/interestareas\/frc\/assuranceadvisoryservices\/aicpasoc2report\" target=\"_blank\" rel=\"noopener\">American Institute of CPAs<\/a> (AICPA): security, availability, processing integrity, confidentiality, and privacy. SOC 2 reports help provide oversight to the organization, and the fact that a vendor has a SOC 2 report should be considered a starting point for judging its security health.<\/p>\n<p>In addition, vendors should have an <a href=\"https:\/\/www.techtarget.com\/whatis\/definition\/ISO-27001\" target=\"_blank\" rel=\"noopener\">ISO 27001<\/a> (shorthand for ISO\/IEC 27001:2022). It\u2019s a security standard put forth by the International Organization for Standardization (ISO), an organization that includes representatives from the national standards organizations of several countries. ISO 27001 provides a framework and best practices for information security management and asks organizations to prove they have a functional information security management system (ISMS) in place. If the vendor is not ISO 27001 certified, it\u2019s worth asking why they aren\u2019t and reconsidering whether you want to work with them.<\/p>\n<p>Another challenge when it comes to these certifications is determining their scope. Does their SOC 2 audit cover all the ways in which you and your clients will use this vendor? If the scope is too narrow, security risks could still exist and leave you and your clients\u2019 business open to cyberattacks.<\/p>\n<h2>No. 2: Ask If the Vendor Will Share Their Security Documentation with You<\/h2>\n<p>The fact that a vendor has a SOC 2 report is a good starting place for judging their defensibility against attacks. Feel free to ask your vendor if they\u2019ll share their SOC 2 report with you.<\/p>\n<p>Not every vendor will want to share their SOC 2. That shouldn\u2019t be a deal breaker for working with them because regularly sharing a SOC 2 with outside parties could reveal avenues that open them to attacks. The vendor could instead opt to share its <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/definition\/Soc-3-Service-Organization-Control-3\" target=\"_blank\" rel=\"noopener\">SOC 3<\/a>. A SOC 3 report includes much of the same information as a SOC 2 but in a more publicly digestible format, without the level of detail that could unintentionally open them up to attack. Look to see if the organization has posted a SOC 3 report on their website or ask if they can share it with you directly.<\/p>\n<h2>No. 3: Ask If the Vendor Has Had Its Code Reviewed<\/h2>\n<p>It\u2019s worth asking a vendor if they\u2019ve had their code reviewed by a third party to determine its <a href=\"https:\/\/www.indeed.com\/career-advice\/career-development\/what-is-code-quality\" target=\"_blank\" rel=\"noopener\">health<\/a>. Unhealthy code could appear in the form of legacy tech debt where the vendor is using deprecated services, for example, or if it\u2019s too complex to consistently test, address faults, and make improvements.<\/p>\n<p>To check an app\u2019s code health, there&#8217;s a nonprofit called the <a href=\"https:\/\/owasp.org\/www-project-application-security-verification-standard\/\" target=\"_blank\" rel=\"noopener\">Open Web Application Security Project<\/a> (OWASP) dedicated specifically to improving software security. The OWASP provides a top 10 web application critical security risks, such as authentication and access control, as well as guidance to fix those risks if they are flagged. In addition, the organization\u2019s Application Security Verification Standard (ASVS) gives developers a more formal way to test an app\u2019s security. You can ask if the vendor has tested against this standard and what level they have achieved, from ASVS level 1 (the bare minimum) through level 2 and 3 (recommended for programs that store highly sensitive data, such as personally identifiable medical information).<\/p>\n<h2>No. 4: Ask about Any Additional Requirements You Need<\/h2>\n<p>Just as the federal government has set out <a href=\"https:\/\/www.pax8.com\/blog\/new-government-regulation-for-msps\/\" target=\"_blank\" rel=\"noopener\">new rules for MSPs<\/a>, your clients who serve the government or other heavily regulated industries may have additional security requirements, such as FedRAMP or CMMC compliance for government agencies or CJIS for law enforcement. Find out if your clients have any specific security requirements based on their industry and then make sure your vendor can comply with them. If they can\u2019t, find out if that specific industry compliance is on the vendor&#8217;s roadmap.<\/p>\n<h2>No. 5: Ask to Meet with the Vendor about Their Cybersecurity<\/h2>\n<p>One of the best ways to judge a vendor\u2019s defensibility is to ask to meet with them specifically to discuss their cybersecurity. Request a meeting with the vendor\u2019s CTO or head of cybersecurity and come prepared with your questions. Feel free to do your own research about any possible security issues the vendor has faced via Google, review sites, and trusted contacts\u2014of course, take this information with a grain of salt, but also feel free to ask candid operational questions based on your findings.<\/p>\n<h2>Preparation Is Key<\/h2>\n<p>When it comes to cybersecurity, it\u2019s always better to be safe than sorry. By using this checklist as a starting point, you can do your part to reduce risk for your clients and become a trusted partner.<\/p>\n<p>At Pax8, we remain dedicated to providing MSPs with vetted solutions and deep expertise to help you grow your business. Browse hundreds of products from industry-leading vendors in the Pax8 cloud marketplace.<\/p>\n<p><a class=\"btn-primary\" href=\"https:\/\/www.pax8.com\/marketplace\">Explore solutions<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Reduce your risk by choosing your vendors wisely. Vulnerabilities exist in every technology stack. But as a managed service provider (MSP), you can minimize your clients\u2019 risk by taking these steps and asking your SaaS vendors security questions to ensure they\u2019ve done their due diligence when it comes to cybersecurity\u2014so you can show that you\u2019ve [&hellip;]<\/p>\n","protected":false},"author":141,"featured_media":1557,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[3,4,5],"tags":[],"class_list":["post-1556","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industry-trends","category-msp","category-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Your checklist to maximizing vendor defensibility - Pax8 Blog<\/title>\n<meta name=\"description\" content=\"MSP client security is only as strong as the vendors they use. Learn which SaaS vendor security questions you should ask.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.pax8.com\/blog\/vendor-defensibility-checklist\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Your checklist to maximizing vendor defensibility - Pax8 Blog\" \/>\n<meta property=\"og:description\" content=\"MSP client security is only as strong as the vendors they use. Learn which SaaS vendor security questions you should ask.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.pax8.com\/blog\/vendor-defensibility-checklist\/\" \/>\n<meta property=\"og:site_name\" content=\"Pax8 Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-03T16:46:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-11T19:46:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.pax8.com\/blog\/wp-content\/uploads\/sites\/13\/2023\/05\/vendor-defensibility.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"narnold\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"narnold\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/vendor-defensibility-checklist\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/vendor-defensibility-checklist\\\/\"},\"author\":{\"name\":\"narnold\",\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/#\\\/schema\\\/person\\\/4f1f5ecebcf730cc2be7b763a310a63c\"},\"headline\":\"Your checklist to maximizing vendor defensibility\",\"datePublished\":\"2023-02-03T16:46:00+00:00\",\"dateModified\":\"2023-05-11T19:46:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/vendor-defensibility-checklist\\\/\"},\"wordCount\":1097,\"publisher\":{\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/vendor-defensibility-checklist\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/13\\\/2023\\\/05\\\/vendor-defensibility.jpg\",\"articleSection\":[\"Industry trends\",\"MSPs\",\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/vendor-defensibility-checklist\\\/\",\"url\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/vendor-defensibility-checklist\\\/\",\"name\":\"Your checklist to maximizing vendor defensibility - Pax8 Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/vendor-defensibility-checklist\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/vendor-defensibility-checklist\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/13\\\/2023\\\/05\\\/vendor-defensibility.jpg\",\"datePublished\":\"2023-02-03T16:46:00+00:00\",\"dateModified\":\"2023-05-11T19:46:12+00:00\",\"description\":\"MSP client security is only as strong as the vendors they use. Learn which SaaS vendor security questions you should ask.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/vendor-defensibility-checklist\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.pax8.com\\\/blog\\\/vendor-defensibility-checklist\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/vendor-defensibility-checklist\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/13\\\/2023\\\/05\\\/vendor-defensibility.jpg\",\"contentUrl\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/13\\\/2023\\\/05\\\/vendor-defensibility.jpg\",\"width\":1200,\"height\":630,\"caption\":\"A chain link that glows blue\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/vendor-defensibility-checklist\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Your checklist to maximizing vendor defensibility\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/\",\"name\":\"Pax8 Blog\",\"description\":\"Where IT pros go to keep up with the cloud\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/#organization\",\"name\":\"Pax8 Blog\",\"url\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/13\\\/2023\\\/03\\\/pax8-logo-white-blog-300x300-1.png\",\"contentUrl\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/13\\\/2023\\\/03\\\/pax8-logo-white-blog-300x300-1.png\",\"width\":300,\"height\":300,\"caption\":\"Pax8 Blog\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/#\\\/schema\\\/person\\\/4f1f5ecebcf730cc2be7b763a310a63c\",\"name\":\"narnold\",\"url\":\"https:\\\/\\\/www.pax8.com\\\/blog\\\/author\\\/narnold\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Your checklist to maximizing vendor defensibility - Pax8 Blog","description":"MSP client security is only as strong as the vendors they use. Learn which SaaS vendor security questions you should ask.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.pax8.com\/blog\/vendor-defensibility-checklist\/","og_locale":"en_US","og_type":"article","og_title":"Your checklist to maximizing vendor defensibility - Pax8 Blog","og_description":"MSP client security is only as strong as the vendors they use. Learn which SaaS vendor security questions you should ask.","og_url":"https:\/\/www.pax8.com\/blog\/vendor-defensibility-checklist\/","og_site_name":"Pax8 Blog","article_published_time":"2023-02-03T16:46:00+00:00","article_modified_time":"2023-05-11T19:46:12+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.pax8.com\/blog\/wp-content\/uploads\/sites\/13\/2023\/05\/vendor-defensibility.jpg","type":"image\/jpeg"}],"author":"narnold","twitter_card":"summary_large_image","twitter_misc":{"Written by":"narnold","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.pax8.com\/blog\/vendor-defensibility-checklist\/#article","isPartOf":{"@id":"https:\/\/www.pax8.com\/blog\/vendor-defensibility-checklist\/"},"author":{"name":"narnold","@id":"https:\/\/www.pax8.com\/blog\/#\/schema\/person\/4f1f5ecebcf730cc2be7b763a310a63c"},"headline":"Your checklist to maximizing vendor defensibility","datePublished":"2023-02-03T16:46:00+00:00","dateModified":"2023-05-11T19:46:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.pax8.com\/blog\/vendor-defensibility-checklist\/"},"wordCount":1097,"publisher":{"@id":"https:\/\/www.pax8.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.pax8.com\/blog\/vendor-defensibility-checklist\/#primaryimage"},"thumbnailUrl":"https:\/\/www.pax8.com\/blog\/wp-content\/uploads\/sites\/13\/2023\/05\/vendor-defensibility.jpg","articleSection":["Industry trends","MSPs","Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.pax8.com\/blog\/vendor-defensibility-checklist\/","url":"https:\/\/www.pax8.com\/blog\/vendor-defensibility-checklist\/","name":"Your checklist to maximizing vendor defensibility - Pax8 Blog","isPartOf":{"@id":"https:\/\/www.pax8.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.pax8.com\/blog\/vendor-defensibility-checklist\/#primaryimage"},"image":{"@id":"https:\/\/www.pax8.com\/blog\/vendor-defensibility-checklist\/#primaryimage"},"thumbnailUrl":"https:\/\/www.pax8.com\/blog\/wp-content\/uploads\/sites\/13\/2023\/05\/vendor-defensibility.jpg","datePublished":"2023-02-03T16:46:00+00:00","dateModified":"2023-05-11T19:46:12+00:00","description":"MSP client security is only as strong as the vendors they use. Learn which SaaS vendor security questions you should ask.","breadcrumb":{"@id":"https:\/\/www.pax8.com\/blog\/vendor-defensibility-checklist\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.pax8.com\/blog\/vendor-defensibility-checklist\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.pax8.com\/blog\/vendor-defensibility-checklist\/#primaryimage","url":"https:\/\/www.pax8.com\/blog\/wp-content\/uploads\/sites\/13\/2023\/05\/vendor-defensibility.jpg","contentUrl":"https:\/\/www.pax8.com\/blog\/wp-content\/uploads\/sites\/13\/2023\/05\/vendor-defensibility.jpg","width":1200,"height":630,"caption":"A chain link that glows blue"},{"@type":"BreadcrumbList","@id":"https:\/\/www.pax8.com\/blog\/vendor-defensibility-checklist\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.pax8.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Your checklist to maximizing vendor defensibility"}]},{"@type":"WebSite","@id":"https:\/\/www.pax8.com\/blog\/#website","url":"https:\/\/www.pax8.com\/blog\/","name":"Pax8 Blog","description":"Where IT pros go to keep up with the cloud","publisher":{"@id":"https:\/\/www.pax8.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.pax8.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.pax8.com\/blog\/#organization","name":"Pax8 Blog","url":"https:\/\/www.pax8.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.pax8.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.pax8.com\/blog\/wp-content\/uploads\/sites\/13\/2023\/03\/pax8-logo-white-blog-300x300-1.png","contentUrl":"https:\/\/www.pax8.com\/blog\/wp-content\/uploads\/sites\/13\/2023\/03\/pax8-logo-white-blog-300x300-1.png","width":300,"height":300,"caption":"Pax8 Blog"},"image":{"@id":"https:\/\/www.pax8.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.pax8.com\/blog\/#\/schema\/person\/4f1f5ecebcf730cc2be7b763a310a63c","name":"narnold","url":"https:\/\/www.pax8.com\/blog\/author\/narnold\/"}]}},"_links":{"self":[{"href":"https:\/\/www.pax8.com\/blog\/wp-json\/wp\/v2\/posts\/1556","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pax8.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pax8.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pax8.com\/blog\/wp-json\/wp\/v2\/users\/141"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pax8.com\/blog\/wp-json\/wp\/v2\/comments?post=1556"}],"version-history":[{"count":0,"href":"https:\/\/www.pax8.com\/blog\/wp-json\/wp\/v2\/posts\/1556\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.pax8.com\/blog\/wp-json\/wp\/v2\/media\/1557"}],"wp:attachment":[{"href":"https:\/\/www.pax8.com\/blog\/wp-json\/wp\/v2\/media?parent=1556"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pax8.com\/blog\/wp-json\/wp\/v2\/categories?post=1556"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pax8.com\/blog\/wp-json\/wp\/v2\/tags?post=1556"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}