In 2020, we announced the Express Security Review, the only program of its kind that simplifies the Google OAuth verification and security assessment process. Through partnerships with Google-certified, third-party security firms, we set out to make this complex verification process as simple as possible. Today, we are excited to announce that we have made this workflow even easier by automating the Express Security Review process through the Nylas dashboard.
Starting the Nylas Express Security Review
Going forward, most of the assessment steps are handled through the Nylas dashboard and with direct communication with the Nylas Customer Success team. There are three main stages in the Nylas Express Security Review process: the Qualifier and Purchase Assessment, Google Verification Wizard, and the Security Assessment. To begin the security review process, there are a couple of prerequisites:
- In your Nylas Dashboard, add the Google Project ID that needs verification.
- Ensure your Google application’s OAuth Client ID and Client Secret are added to your Nylas Dashboard under “App Settings” in the “Google OAuth” tab.
- You are ready to begin the assessment. Click on “Express Security Review” to start the assessment.
Qualifier and Purchase Assessment
The first portion consists of two steps and should be completed by someone on your team who understands how your platform uses the Nylas APIs and knows your billing and payment information. The Qualifier section determines the kind of Google OAuth verification/assessment your platform needs. In this step, select your Google Project number as well as the Nylas APIs you use (email, calendar, or contacts), and indicate how you use the selected APIs. Depending on your answer, you are redirected to one of two different paths:
- Purchase Assessment – You proceed to this step if your application requires a third-party security assessment.
- Google Verification Wizard – You proceed to this step if your application does not require a third-party security assessment and only requires Google Verification.
The Purchase Assessment step uses your answers to estimate the final security assessment costs. As stated above, there are two outcomes within this step.
- Your application is eligible for the standard Security Assessment cost.
- Your application needs a custom quote from a third-party security assessor.
  - Based on the dashboard questionnaire responses, a Nylas representative will reach out within five business days to coordinate between you and the third-party security firm to produce the exact quote.
Google Verification Wizard
Once the verification process has been completed, the Nylas team then sets up a streamlined assessment with one of Google’s approved security firms. At this stage, you’ll need someone from your team who can answer product questions and technical questions while remediating any found security issues/concerns. After you submit the responses, a Nylas Customer Success manager will reach out in two business days if there are any additional questions. This step also streamlines the sharing of general information with the third-party security firm, including: company name, project points of contact information, preferred communication methods, previous security test reports, and incidents so that testing can get underway quickly.
Here’s a visual overview of the process from start to finish:
Speak to a platform specialist now to learn more about the Nylas Express Security Review.