Many SaaS tools were created without the needs of Enterprise priorities in mind. Key in this are a security blanket for the Data that is often shared in the most popular SaaS apps like Slack, Google Drive, Box, Microsoft Teams and many others. Read on to see how security teams manage this risk.
Gain Control of Your SaaS Sprawl
Research from DoControl found that the average 1,000-person company using software-as-a-service (SaaS) applications exposes its data to between 1,000 and 15,000 external collaborators. On average, between 200 and 3,000 companies also have access to any one company’s data, while some 20% of a typical organization’s SaaS files are shared internally to anyone who can click a link. Collaboration tools like Slack accelerate this issue because sharing direct links from Google Docs and other embedded apps makes it easy to access files.
What makes matters worse, says Brian Mannion, chief legal officer at Aware, is when the IT department doesn't know people in the company are using a tool, meaning it's a lot harder to control the environment.
"What companies want to do is give employees the tools that they need, make them user-friendly, make them accessible, but still have the controls necessary so they can manage the application and do all the things most enterprises have gotten really good at — like making sure that they have been patched and that they have access controls," he says.
Companies need a mechanism where they can manage documents and files continuously, adds Adam Gavish, co-founder and CEO at DoControl.
"So for example, if somebody shared a document in Slack externally, we'll ask them if they really need the document," he explains. "If the employee doesn't respond in two or three days, we will delete it. If they say they still need the document, we'll give them another 30 days and then we’ll delete it."