SaaS Security Is Now Accessible and Affordable for Everyone

Nov 02, 2023 | The Hacker News | SaaS Security / Software

This new product offers SaaS discovery and risk assessment combined with a free user access review in a unique “freemium” model

Securing the use of SaaS by employees is becoming increasingly important for most cloud-based organizations. While many tools are available to meet this need, they often use different methods and technologies, leading to unnecessary confusion and complexity. Enter the new Security Wing “Important SSPM” (SaaS Security Posture Management) tool, which aims to simplify the process of securing the use of SaaS throughout the organization. Its business model is simple: self-onboard, try the product, and if impressed, upgrade to unlock more important security capabilities.

How important is SaaS security?

According to Wing, three basic but fundamental capabilities are required for organizations looking to secure their SaaS: discovery, assessment, and control. This approach complies with regulatory security standards such as ISO 27001 and SOC, which promote vendor and third-party risk assessment programs as well as user access control for business-critical tools.

1. Discover: You can’t be sure of what you can’t see

Shadow IT is not a novel issue but an evolving one. With the continued growth in the use of SaaS and the ability of users to bypass security policies such as MFA and SSO when onboarding SaaS applications, the new face of shadow IT is based on SaaS. The process is simple: employees need to complete a business task and often need a tool to speed it up. They look for a solution online and use company credentials to log in, especially when most services don’t require credit card information to get started. SaaS, as a modern supply chain, clearly requires a security solution due to its decentralized and unmanaged nature.

Figure: Wing’s SaaS discovery

2. Risk assessment: Not all risks are equal; save valuable time

Once the shadow element is resolved, organizations are left with a large list of applications, often numbering in the thousands. This raises the question: what now? Without an automated method to assess the risks associated with all SaaS applications in use across the organization, exposing shadow SaaS can be more confusing and burdensome than helpful. This highlights the importance of assessing the security status of these applications and determining a baseline that requires attention.

SaaS discovery should be accompanied by some degree of vendor or third-party risk assessment. Wing’s new product tier combines SaaS discovery with an automated process for determining an application’s SaaS security score. This risk information is drawn from an extensive SaaS database of more than 280,000 SaaS records, cross-checked with data from hundreds of Wing users and their SaaS environments. Paying customers benefit from broader and deeper SaaS risk assessments, including near-real-time threat intelligence alerts.

3. Control: Ensure that users have only necessary access

Discovering all the SaaS used (and not used) and understanding their risks is only half the battle; the other half concerns SaaS users. They give applications access and permissions to company data, making choices about read/write permissions for many of the applications they use. In general, every employee uses 28 SaaS applications at any time. That translates into hundreds, if not thousands, of SaaS applications that have access to company data.

Conducting periodic user access reviews of business-critical applications is not only a regulatory requirement but also recommended to maintain a secure posture. Controlling who has access to which application prevents sensitive data from falling into the wrong hands and reduces the potential attack surface, as employees are often the first target of malicious actors. A long list of users and their permissions and roles in different applications can be overwhelming, so Wing helps prioritize users based on their permissions and roles and encourages the principle of least privilege. This ensures that all users, except approved admins, have only basic access to SaaS applications.

Figure: Wing User Access Review

In summary – These three capabilities are essential for starting a proper SaaS security program, but they do not guarantee complete coverage or control. Mature security organizations need more. Data security features, automated remediation channels and more control over user privileges and behavior are only possible with Wing’s full solution. As such, it’s an important starting point for organizations that don’t yet have SaaS security or are wondering which tools and methods to start with.

How is this different from a POC or interactive demo?

This new “try first, pay later” approach differs from the typical POC in particular in that it is completely touchless. Users can self-onboard the product by agreeing to Wing’s legal conditions, without having to interact with a human representative or sales staff, unless they want to. While the free product is intended to be limited in features and capabilities, it provides a starting point for those interested in or looking for SaaS security. Unlike online demos, this process involves actual processing of your data and can actually improve your security posture by providing visibility into your company’s real SaaS usage and by allowing you to evaluate the size of your SaaS attack surface. A freemium approach to security-related products is not common, making it an opportunity for those who like to try the product before committing.
