In today’s world, SaaS is a critical part of the enterprise work environment, as companies utilize hundreds of SaaS applications, spanning nearly every team and department. There is an ever-growing shift towards SaaS usage, one that will only increase in the coming years, and it will result in the widespread adoption of new applications and in more sensitive data spreading outside organizational networks and into third-party applications. With the rising Work From Home (WFH) and Bring Your Own Device (BYOD) trends, these new realities will only intensify how SaaS shapes the business landscape and, as a result, the security challenges businesses face.
From a security perspective, SaaS disrupts the long-standing paradigm of how enterprises implement security. Traditional tools used to protect software usage, such as VPNs, firewalls and DLPs, rely on the existence of a “secure perimeter”, namely the corporate network. Within those boundaries, data essentially travels freely, with security tools deployed both to monitor the exfiltration of data outside the secure perimeter and to block malicious entities from coming inside. These security tools operate under the assumption that companies’ security and IT teams will function as network gatekeepers, continuously inspecting incoming data and installing security sentinels on corporate assets.
SaaS adoption, the increasing shift to the cloud, and WFH and BYOD practices do not abide by such rules. No step in the SaaS consumption lifecycle, from initial adoption through ongoing usage to sunsetting, resembles its counterpart in traditional enterprise software, resulting in countless unknown security risks and potential open endpoints.
That’s why I’m so excited to introduce to you Grip Security. Following a $6M seed round led by YL Ventures, Grip Security is going to revolutionize how we perceive and implement SaaS Security, from adoption to usage to sunsetting.
Before SaaS, software adoption was a well-structured process that went through risk assessments, compliance verification, and security configurations. IT and security teams were tasked with both installing and maintaining the software’s servers, and with blocking unapproved applications from penetrating the organization. With SaaS, this process no longer holds true; employees can now bypass the official, tiresome process and register for a new application within minutes, even using a company credit card. As a result, the organization is faced with “Shadow SaaS”, a situation in which dozens or even hundreds of undocumented, unapproved applications are in use. Even after discovery, management of these applications remains dispersed among “Local Administrators”, who act as roadblocks for IT teams trying to properly manage and configure the applications and secure their use.
When we decided to start Grip Security, it became clear that the first step would be enabling enterprises to see the big picture: every application, known or unknown, in the SaaS portfolio. After all, visibility problems must be addressed first in order to address other security challenges in growing SaaS environments. Grip’s comprehensive solution resolves the issue of visibility by giving security and IT teams full visibility across the entire SaaS portfolio, including shadow instances and users. Using our novel approach to SaaS discovery, Grip shines the industry’s most comprehensive light across known or unknown apps and users, with extreme accuracy, simple deployment, and zero network or device friction.
SaaS is internet-accessible, and that’s a big deal. Legacy security paradigms assume enterprise software and data reside within the enterprise’s perimeter. Many security tools are designed to support this structure: VPNs control external access to this perimeter, CASBs monitor traffic exiting the network, and DLP prevents data from leaving it. But how can traditional assumptions apply to SaaS? When using SaaS, by design, sensitive data is uploaded to third-party services, which are accessible to anyone. This is just how SaaS operates.
We don’t want to fight SaaS technology, as it brings tremendous value and efficiency to businesses. But in order to maximize the benefits and minimize the risks associated with SaaS usage, we must change our definition of DLP. Instead of preventing data uploads outside our network, we should monitor data types, volumes and flows between different apps, corporate devices, and private devices. We should embrace public cloud accessibility to data and renounce network-based controls. Too much effort is invested in configuring CASBs and Web Gateways to limit data movement from the corporate network, especially when we know they can be easily bypassed by any employee taking their phone out of their pocket. For example, if a Dropbox, Marketo, or Slack password is stolen, no network control can save you. Malicious entities don’t use the corporate network to access SaaS, so why should we rely on it for
Cue Grip. Grip revolutionizes how we look at SaaS Security by safeguarding all SaaS application access, regardless of device or location. Grip channels and unites access across every user and device to secure the entire SaaS portfolio, without requiring incremental resourcing or degrading performance. With it, CISOs and security teams are automatically involved in governing SaaS, without becoming a roadblock.
If a tree falls in a forest and no one is around to hear it, does it make a sound? If all users of a SaaS application left the company, is it still useful to the organization? And if not, should our data still be stored within it?
IT teams can no longer shut down a database or a server, sunsetting an application with a single click. They can no longer rely on VPN-IDAS connections to prevent access after a user has been terminated. The fact is that some users of shadow SaaS instances will never be removed, and will always be accessible.
Grip has a solution to this challenge as well: by creating automated workflows, it helps security teams accelerate SaaS IdP integration, consolidate administrator interaction, and unify user offboarding across the whole SaaS portfolio.
SaaS sprawl has changed security paradigms, and as a result, enterprises must change as well in order to keep up with technological advancements. Technology innovation is our only hope of maintaining a strict, low-friction and scalable security program. Now is the time to get a Grip on the burgeoning and chaotic SaaS ecosystem.
We encourage you to join our revolution: check out our demo, or request a free SaaS assessment. Get a Grip on your SaaS.