SaaS Stats, Part 1: User Access Reviews

Apr 5, 2023

We examined the risks of identity sprawl across 46 unique enterprises, constructing a SaaS-Identity fabric, and found that every organization is affected by the ever-expanding growth of SaaS and identity decentralization.

Yuval Sarel, Deputy CTO & Josh Mayfield, VP, Product Marketing
Every day, employees are using SaaS and creating a new, dynamic identity perimeter that is the top target of attacks. This creates an identity sprawl problem that is growing bigger every day. Grip secures your enterprise identity perimeter.  

We examined the risks of identity sprawl across 46 unique enterprise SaaS-Identity attack surfaces and found that every organization is affected by the ever-expanding growth of SaaS and identity risks — from missing controls, security gaps, policy dodging, and basic inherent risk to identities in SaaS relationships.

In this series, SaaS Stats, we will explore what we found. And you can too.

Figure 1.1 | Grip deploys in 10 minutes and delivers 10+ years of SaaS-identity visibility and risk insight

Enterprise SaaS Estate

The explosion of SaaS adoption has led to unprecedented identity sprawl, with some employees creating hundreds of SaaS accounts over time. Most of these accounts are created with just an email and password, and this has now become the new perimeter for the modern enterprise. Identities are assets, not people. Identity assets are entrusted to people we call “users”. As users spread identities everywhere, this makes it possible to identify, analyze, and secure those identities whenever and wherever SaaS is used. By examining how SaaS is consumed by identities, organizations can get a panoramic view of their SaaS-Identity attack surface. And even if the initial results are overwhelming (with an average of 2,762 apps), securing that SaaS estate can be simplified by focusing on identity: carrying security controls, policies, and protections into SaaS relationships. This is a Grip trick that enables security teams to protect more than they can touch by centralizing controls and decentralizing enforcement.

Figure 1.2 | Grip's SaaS-Identity Risk Index (SIRI)

Contextual Identity Risk

According to Gartner: “In an environment with assets everywhere and access from anywhere, identity and context have become the ultimate control surface”. We agree. Upon examining the context (SaaS) and identities in SaaS relationships, we can develop what Gartner calls “the ultimate control surface”. However, many traditional controls have fallen short, not because of ineffective tech or tooling for identities, but because the context changed. Most identities consume most SaaS services outside the direct control or oversight of IT and security teams. In fact, KPMG has estimated that 85% of SaaS services will be business-led SaaS — characterized by business groups identifying, sourcing, and servicing their own SaaS services and apps, outside the direct control of IT.  

With this context-change in mind, you can see how we found 97 unique SaaS services with missing controls and a SaaS Identity Risk Index (SIRI) of less than 50. Risk is compounded when several missing controls occur together, enabling exploit chains from eroded traditional gateways like single sign-on (SSO), multi-factor authentication (MFA), password rotation, justified use/authorization, and dangling access. This is an emergent phenomenon, made possible by entrusted users spreading identities to tools to get their job done and a strategy that intends decentralized responsibility for SaaS in the organization.

Figure 1.3 | Grip SSCP pinpoints identity vulnerabilities, abuses of service, and exploit chains.

Past, Present, and Future

One of the key aspects of Grip’s discovery is taking the historical perspective, looking back through time to pinpoint SaaS-Identity relationships and track their use to the present day. Additionally, Grip’s continuous discovery captures new SaaS coming into the environment via identity assets (username, email). While a person is permitted use of a corporate identity, 72% of identities will fall into risky SaaS relationships. But by maintaining a steady view on the SaaS-Identity attack surface, security teams can safeguard identities without disrupting business-led IT strategies or user choice.

Enterprise security depends on identity security. In today's digital enterprise, identity threats are on the rise, and the need for robust security measures to protect enterprise identity assets has become essential. Identities are assets, not people, and identity assets are uniquely entrusted to custodians we call “users”. The challenge for identity security is to enable protection for identities whenever and wherever users take them, shielding identities from exploits and toxic combinations that are key targets for cybercriminals.

Grip User Access Reviews

Grip’s mission is to empower every security team to safeguard identities and SaaS services — customers and clouds, employees and websites, partners and portals, users and apps — anyone and anything. Grip SSCP discovers, graphs, and checks your SaaS identity attack surface and mitigates SaaS-Identity risk with automated workflows and simple integrations across the security ecosystem. With Grip, organizations can safeguard identities, whenever and wherever SaaS is used.

Here, we will spotlight one of Grip’s key features in Report Center, User Access Reviews: on-demand insights to streamline compliance and reporting and to mitigate identity risks, anywhere, everywhere, and on demand.

Key Capabilities  

Compliance-driven User Access Reviews

Validate compliance with standards and regulations with timed, scheduled reporting to know which SaaS are used, by whom, and which security mitigations are working.

On-demand Access Awareness

Get complete visibility to SaaS with exposures to specific assets, automatically prioritized based on the highest risk, accessibility, and impact of compromised access.  

Respond to Threats, Anywhere and Everywhere

Identify usage of breached or compromised SaaS services, relevant to your organization based on continuous discovery, pivoting to similar SaaS services or those susceptible to SaaS lateral movement — validating protection for all identities, whenever and wherever SaaS is used.

Key Benefits

Dissect User Access Like Never Before

Get insight from out-of-the-box reports calibrated to key SaaS types, assets, and capabilities across all users — including SaaS services with risky functions like file sharing, financial data, and privacy risks to sensitive data. Cross-reference SaaS with exposures to specific assets and users engaged with those apps, including authentication methods used and missing controls. Remove duplicate SaaS functions and capabilities by pinpointing key capabilities shared across SaaS, reducing duplicative SaaS and reining in identity sprawl.

Figure 1.4 | Grip SSCP: User Access Reviews

Supercharged Operational Efficiency

Track real-world SaaS usage, pinned to groups associated with one or multiple SaaS services, including billing, payments, and administrative business units. Carve out the riskiest identity-SaaS relationships with one-click visibility to dangerous and toxic combinations of SaaS and identity exposures before they become exploits. Harness on-demand reporting and search queries across the enterprise SaaS layer, or schedule time-based reports for compliance attestation to be always audit-ready.


Grip empowers security teams to impact more than they can touch, giving them a panoramic lens to discover their unique identity fabric and the power to infuse security into identities to achieve secure outcomes whenever and wherever their organization’s identities are used.

That’s why leading organizations choose Grip for universal identity security in every SaaS connection — past, present, and future.

Get started with a free SaaS Identity Risk Assessment.
