The company, a well-known fintech and financial services organization, underwent a rapid transformation that posed significant security challenges in terms of accessing SaaS apps and services outside the direct control or over sight of the security team.
Only Grip could enable my team to secure more thanwe could touch — shielding identities from threats andmaintaining compliance. Now, discovering andmitigating identity-SaaS risks gets done in one placeand in minutes, not months.
VP Information Security
This presented a challenge, as the company faced the issue of users frequently changing roles, responsibilities, or departing the organization, while new employees and teams pushed the organization’s identity attack surface to hundreds of SaaS services, most of which were unknown, unguarded, and unmanaged.
The company also had to mitigate identity risks associated with a massive number of SaaS services, with an average of 109 new apps added every year. At the same time, The organization was expanding its service lines and its financial products for renters and operators, leading to a complex and diverse set of SaaS services within each business initiative and group.
Centralize Identity Discovery and Offboarding
The company chose Grip to give its security teams on-demand insights into identities using web apps, SaaS services, and cloud accounts. With Grip, the company’s security team can uncover federated and unfederated SaaS accounts and automate offboarding for risky SaaS services, dangling access, zombie accounts, and tenant redundancy in just a few clicks.
The same workflows are now being applied to SaaS breach response. When SaaS providers or web services experience a breach, The company’s security team can instantly see if and where they are affected, and secure identities and access to the compromised SaaS and web apps.
Responding to Identity Attacks
For the company, visibility to the global identity attack surface is crucial. Grip provided the security team with relevant, actionable insights into risks that matter, prioritizing mitigations for each SaaS app's inherent risk and access controls for each user of the SaaS service. This helped the company to stay ahead of cyber threats and ensure the protection of its identities and assets.
Cyber-attacks against identities and SaaS breaches are on the rise. As with the 0ktapus threat campaign targeted SaaS services, and phishing, smishing, and vishing schemes impacted popular services like Twilio, Uber, Dropbox, and CircleCI, among others, the identity attack surface has never been more exposed for the company, too.
In such cases, their security team can now quickly identify, and pinpoint identities exposed to a compromised SaaS service, without waiting for identities to be exploited by “an event”.The company’s Vice President for Information Security echoed the need for SaaS security to be identity-first: “The only way to manage SaaS security at scale is to focus on identity as the only available constant in every SaaS account.
At the company, we want to secure the workforce, not block them. But our SaaS Identity risk landscape is often hidden as our typical business philosophy enables users to have choice. Grip eliminated that struggle with continuous line-of-sight to secure identities and SaaS from one place, and its ability to automate routine and response tasks.”
Mitigating SaaS Sprawl Risk
The company recognized the need to contain identity and SaaSsprawl. Grip's panoramic view of all SaaS usage, without proxies,agents, or user disruptions, helped them to do just that.
With just a 10-minute deployment, Grip uncovered hundreds of previously unknown SaaS accounts, abandoned credentials, and dangling access for former employees. By finding these risks, The company’s security team was able to prioritize risks for remediation and implement consistent playbooks as their SaaS-Identity risk landscape evolves.
For the company, SaaS and identity security are inextricably linked.And the challenge is only getting more complex with the proliferation of SaaS applications and the increasing sophistication of cyber threats — specifically targeting employee accounts to SaaS services that have become essential for running a digital enterprise.
By adopting Grip, the security team can mitigate and control the worldwide SaaS identity risk landscape, prioritize risks that matter, and curb risk or respond to cyber-attacksDownload PDF