Consider the following scenario: Your company has been relying on SaaS applications both for convenience and for critical tasks for some time now, but you’re starting to hear about security risks that reliance on these cloud-based apps may pose. You begin to realize that much of your company’s sensitive information -- project, customer and operational data -- is shared on those apps and available to anyone internal or external with the right link. You’ve taken precautions to secure your perimeter, but the more you study the situation, the more concerned you grow with the amount of data residing beyond that perimeter.
You think about not only the sheer number of SaaS apps your company is utilizing, but also who has access to them. The list in your head quickly builds -- current employees, contractors, external partners, customers, vendors and anyone else who’s not “current” but may have been any of these in the past. Even the public might be able to find information you don’t want shared externally because sharing links providing access are still alive and out there. And when it dawns on you that you really have no idea of the size of the exposure and you don’t know how you can remediate the vulnerability, you start to sweat.
If this scenario feels a little too familiar, we can offer you a towel to mop your brow... and then suggest a call to us. We’re DoControl, and we can help you cover your SaaS.
DoControl provides both the visibility you need to assess your security status and the tools to automate remediation of identified vulnerabilities. DoControl integrates with the most popular SaaS applications to compile straightforward metrics that quantify your areas of risk. The platform delivers a set of easy-to-use remediation tools and recommends security policies to quickly and continually protect your enterprise.
DoControl updates you almost instantly on how your company is using the most popular SaaS applications, such as Salesforce, Microsoft Teams, Google Drive, Slack, GitHub and dozens more. Once installed, DoControl provides end-to-end visibility of all users, external collaborators and domains, and assets that are being shared.
DoControl then generates a simple set of KPIs you can use to focus your remediation efforts for maximum results in the quickest time and measure the progress you’re making in containing your exposure. These KPIs include:
With KPIs in hand, you and your team can start executing rapid remediations. Say you see that two of the identified external collaborators are no longer part of your business strategy and have no ongoing need for access. All the links still open to them can be shut down.
Besides the percentages, you can see the specifics, such as the names of the external files that are shared publicly that shouldn’t be. DoControl helps you zero in on each file and shut off unwarranted access. As you make progress on these fronts, you’ll want to make sure that you’re keeping the numbers down by executing security policies that stop unwanted sharing to begin with. For example, you can create auto expiration dates for public or external sharing to ensure the data is visible only for a limited period of time.
These manual, point-in-time steps are important, but security requires ongoing vigilance and shared knowledge among all employees about how to minimize vulnerabilities without overreaching and impinging on legitimate business activities. Automation is essential to constructing, scaling and maintaining security policies across all your vital SaaS subscriptions so that you can better manage security risk while your workers and external collaborators remain productive.
Automation extends to the communication IT and security teams generate with employees, as well. DoControl is integrated with Slack and Teams, using bots to inform team members of potential issues they may want to address when a data source is shared that perhaps shouldn’t be, such as sharing with private accounts or mass sharing.
With ongoing vigilance and refinements, the KPIs will highlight ongoing movement toward a more manageable security posture. And because DoControl is both comprehensive and easy to use, you can on one hand enable your teams to be their most productive while on the other safeguard your enterprise from unnecessary security exposure, all without breaking a sweat.
This stat comes from the industry report we published earlier this year: The Immense Risk of Unmanaged SaaS Data Access. It’s a great read. We recommend you check it out.
Just as with the cloud, securing SaaS is a shared responsibility. Providers are responsible for ensuring the security of their platforms, but there is an onus on the organization consuming the service to protect itself from data overexposure and exfiltration, as well as cyber breaches and attacks.
In this blog we are going to focus on three of the most widely adopted SaaS applications, based on revenue and growth, as well as just general popularity. We will highlight the pitfalls and security gaps (note: these apps are not inherently insecure!), and how DoControl can help deliver a single, unified strategy for SaaS application security and reduce the risk of both data exfiltration and cyberattacks.