200 is a nice round number
Anecdotes is on a mission to make GRC data-driven. In order to make that vision a reality and fuel your program with GRC data, our dedicated development team builds all of our plugins (which collect that data) in-house. Based on a roadmap dictated by customer requests and market needs, the team builds each new plugin to collect all of the relevant GRC data a given tool has to offer. They also continue to add data points to existing plugins to better serve our customers’ needs.
We just shipped our 200th native plugin, and this milestone feels like a good opportunity to share the philosophy behind our plugins and why we care so much about building every single one in-house.
Why build in-house?
Building 200 plugins has required a fair amount of work. Could we have collected some of that data through third-party APIs? Of course. But there are several reasons we feel building in-house better serves our customers.
1. Relevance
When third-party companies set up APIs, their developers decide what data to include. Since they don’t build them specifically for GRC, they may not think of including the data you need or may collect additional data that you don’t need. When we build integrations in-house, our GRC experts determine what GRC data to pull to meet your needs. Nothing more, nothing less.
2. Sophistication
Not every data point collected equals a relevant piece of evidence. Third-party tools are all built by different developers with different goals in mind and different delivery formats. When we build the plugins ourselves, we can accommodate more complex solutions, for example by combining several data points into one piece of data evidence. We can also collect all kinds of GRC data and present it in a consistent and user-friendly way.
3. No third-party access
Some GRC data is highly sensitive. Using third-party tools would force our customers to share that sensitive data with third parties, and we’d never ask you to do that. Third-party APIs increase the risk of security issues including unauthorized access and data breaches. While there are many practices to help secure third-party APIs, we believe the better solution is to bypass them altogether and provide our own secure plugins.
4. Principle of least privilege
Since a third-party API doesn’t only have GRC in mind, it often requires access to data that there is no real justification for granting access to. In addition, many times, these APIs need more than reading permissions. By building our own plugins, we can ensure that the principle of least privilege is followed.
5. Flexibility
The fact that we built the world’s first Compliance OS doesn’t mean we’re resting on our laurels. We value customer feedback and aim to improve our products and services continually. Since we build and own every Anecdotes plugin, we can (and do) update them whenever there is a need. Sometimes it's a data point our experts decide to add, other times it is based on requests from customers.
{{ banner-image }}
Maintaining your trust means everything to us
To achieve a data-powered future for GRC, you first and foremost need real GRC data. The only way to ensure you are collecting all of the relevant data, and only that data, is by using our proprietary plugins.
We are proud to lead the market with the most in-house-built plugins. Now, back to work...
See you at the next plugin-aversary!
Key Takeaways
What you will learn
About the author
