Managing SaaS security risks is time-consuming and complex — even for SaaS applications sanctioned by IT and security teams.
Given that organizations nowadays use hundreds or even thousands of SaaS applications (with just as many SaaS app users), most security teams struggle to understand and control their SaaS security posture. That challenge goes way beyond understanding the full scope of SaaS applications and their utilization within the organization.
When talking to security and IT professionals about their SaaS adoption challenges we at Axonius notice a few that are very consistent — regardless of industry or company size:
- Monitoring which users have access to which SaaS applications — and how they access these apps, especially when apps are accessed via API extensions
- Tracking the access level and privileges each user has in relation to each SaaS app
- Identifying inactive or unused user accounts that haven’t been properly decommissioned
- Enforcing SaaS app access levels and removing access — especially for unknown and unsanctioned apps that “stay in the dark”. This challenge has been especially difficult for teams relying on CASB solutions, which are often unaware of unsanctioned apps.
The most effective way to deal with the complexity of SaaS today? Leverage a solution that deals with both operational and security risk management aspects together in one place.
Closing the loop between discovering and mitigating SaaS security issues with actions and automations
With the latest expansion of its remediation capabilities, Axonius SaaS Management now provides the ability to suspend suspicious or inactive user accounts, and remove discovered app-to-app connections with access to sensitive company data. By introducing controls for selected core business applications, Axonius reduces the required effort from security and Identity and Access Management (IAM) teams while ensuring quick impact in reducing the attack surface and improving the SaaS security posture.
User suspension
The introduction of the user suspension capability closes the loop between the discovery of either inactive, unused, or suspicious user accounts and the actions that can immediately be taken to suspend their access to various applications hosting sensitive corporate data. Another benefit of suspending unneeded user accounts is it allows companies to optimize SaaS spend by rightsizing licenses.
This capability further increases the benefits of leveraging the behavioral analytics capabilities within Axonius SaaS Management, with organizations now being able to detect and act on anomalies and suspicious behavior that may indicate user account compromise.
API extensions removal
Extensions or 4th-party applications that have been granted access to the organization's SaaS applications by users — either knowingly or by mistake — pose additional security risks to any organization.
Now with Axonius SaaS Management, extensions that may pose security risks can be terminated by users. This capability is critical when it comes to terminating newly discovered extensions with unapproved apps given access to various sensitive data, like email accounts, cloud drives, etc.
A common example we see is active 0auth tokens with excessive (admin) privileges that are no longer being used or expose sensitive corporate data. These extensions now can be tracked down and terminated, reducing potential data sprawl and the customer’s SaaS app attack surface.
Tokens are terminated through adapter connections to SSO/identity providers (e.g., Okta or Google Workspace), and other apps able to grant the tokens.
Workflow automations
Along with the above-mentioned remediation features, Axonius SaaS Management now provides additional ticketing and workflow automation capabilities to ensure security teams have timely alerts on various SaaS security risks around configurations, user access or behavior, and more. Axonius supports running predefined actions or sending specific data and alerts programmatically or ad hoc to specific teams and app owners via different solutions, like email clients, Slack, or workflow automation via webhook automation.
Pre-built and custom reports
To ensure continuous monitoring and easy access to top areas of interest for security and IT teams around SaaS apps, Axonius SaaS Management is also continuously expanding its portfolio of reports available within the product. The currently available pre-built and automatically updated reports include overviews of users with excessive permissions or admin credentials, inactive and unused user accounts, existing offboarding gaps, and more. These reports contain essential information for IT management and SaaS security operations, compliance, or internal reporting needs.
Axonius also allows users to leverage their saved filters into custom scheduled reports that can be sent on a recurring basis as a CSV attachment to an email or other destinations.
Controlling complexity across their entire IT environment with Axonius
Insight into SaaS risks is only so valuable without the ability to take action. The latest developments allow IT and security teams to continuously reduce the SaaS app attack surface, control SaaS access, and optimize SaaS licensing.