
How We’re Making It Easier to Do Business With LastPass: Automated Compliance

Mario Platt, May 29, 2024

Over the last 18 months at LastPass, we’ve been hard at work becoming an independent company with an enhanced cybersecurity focus, migrating our technology stack from on-premises to cloud, and building a state-of-the-art security program from the ground up with all new, best-in-breed security and privacy controls and operations.

 

From the outset, we wanted to ensure we also built a modern, advanced and streamlined compliance program that brings more efficiency to what we do, and more importantly, provides visibility and self-service to our customers to make it easier for customers and prospects to get the compliance, security and resilience information they need.

 

Our vision is to ensure LastPass compliance is focused on three key principles: seamless integration into business processes, automation whenever possible, and a focus on customer experience.

 

Today, we are excited to announce our next step on this journey: the establishment of the LastPass Compliance Center via a partnership with Drata, a security and compliance automation platform that continuously monitors and collects evidence of our company’s security controls.

 

Drata supports our goals in several critical ways:

  • Close to real-time monitoring of our security controls (both security technologies and validation of policy in Engineering and IT systems, such as Source Code Management and Mobile Device Management solutions).
  • Publicly expose the results of this monitoring through our LastPass Compliance Center webpage.
  • Share security assurance and policy documentation with better self-service capabilities for our customers, reducing the burden of accessing this information and the associated loss of productivity for our go-to-market functions, which previously had to share these documents manually.

Our partnership with Drata also gives us a more structured way to share Compliance and Security Assurance documentation with our customers and prospects at large, with a process that is more efficient for our internal teams, who used to process these manually.

 

Anyone can now visit our Compliance Center and download our security policies and other assurance information such as SIG Lite, summaries of our penetration testing reports and other relevant information in an effort to both increase transparency about our program and support the building of trust with our customers and security industry at large.

 

Further, our customers and prospective customers will have a similar level of visibility into the health and coverage of our security controls as we ourselves have, serving as a driving force to ensure we are transparent in our approach to security, privacy and compliance and identifying and collaborating with internal stakeholders for any required resolutions.

 

The establishment of the LastPass Compliance Center and our partnership with Drata enhances the LastPass Trust Center and is a critical milestone on our ever-continuing journey to provide our customers with real-time information and transparency. It’s a journey worth making, and one we’d invite all companies to embark on too.