5 Ways to Ensure Security and Compliance of Your SaaS Portfolio
The last year has fundamentally changed how and where we work. Companies need to adjust to workforces that are entirely remote, which raises new concerns around security and compliance. IT leaders need to find new ways to ensure governance with fewer employees behind the firewall in headquarters.
How can you make sure that your tools and data are secure and compliant? This problem gets even harder with the growth of SaaS applications.
Many SaaS applications can be bought with a credit card without a centralized procurement process. 61% of companies have over 100 SaaS applications, with large enterprises like Uber having over 1,000. You need new ways to ensure oversight and governance.
SaaS management platforms can help provide a comprehensive view of your applications and help you minimize your risk. Read below how we can help you tackle five critical areas around your SaaS risk:
- Uncovering Shadow IT
- Maximizing SSO Coverage
- Ensuring Application Compliance
- Managing Admin Access
- Controlling Data Leakage
Uncovering Shadow IT
What applications do you have? It’s a simple question, but a difficult one to answer.
Sumit Johar, CIO of MobileIron, talked about how they would do three-week audits every quarter to try to answer this question. When MobileIron installed Productiv, they discovered 30-35 apps they had never heard of before.
As Sumit described: “Before Productiv, we had a pretty good control on the critical apps that IT is closely involved with. But the risk lies with the ones that they don’t manage or the ones that skipped the assessment step somehow. For a long time, we didn’t even know the size of the problem.”
SaaS management tools are critical in helping find applications that have been orphaned, pose security risks, or simply add extra costs.
Maximizing SSO Coverage
Once you have a full view of all applications, including shadow IT, the next important question centers around which applications may pose risks.
Which applications are behind SSO? Are there any potential data concerns?
Productiv highlights discovered applications that are not behind SSO. Now, you can start to review and prioritize which apps should be behind SSO.
Jim Fazzone from HashiCorp leverages this feature to determine which applications represent the biggest risk. He can easily click one level deeper to see information such as how much an app costs, which teams are using it, and the stakeholder who purchased it. For example, if he sees a sales app that includes potential customer data, then he may work with that department to purchase a higher license tier and get it behind SSO. The end result is more apps and more data that are secure.
Ensuring Application Compliance
Security and risk go beyond shadow IT. Another key element is making sure your apps are compliant and that your data is being handled properly.
For example, if your company is preparing for an audit, you need to know which applications are not SOC2 compliant. Or if you are expanding to Europe, you need to know which of your apps are GDPR compliant. All of these are important to make sure you minimize any risk or exposure to your company.
Productiv includes compliance certifications for all of the apps within your organization. With a simple click, you can sort which apps are compliant with CCPA, FedRAMP, FISMA, GDPR, ISO27001, SOC2 and Swiss-US Privacy Shield. Quickly determine if any apps pose a risk for the organization or represent data concerns.
Controlling Data Leakage
Every company has concerns about data leakage. This problem only gets bigger with more SaaS applications and an increasingly remote workforce.
What applications are employees using to share documents? How can you limit risk around data leakage?
Productiv allows you to see specific feature usage of your SaaS apps and limit exposure. You can dive into each application and monitor any concerns about how it is being used. For example, you can see how many people are sharing vs. viewing docs on Google Drive. If any application feature represents a potential concern, you can work with departments or improve training on how to use each application.
Managing Admin Access
Finally, you want to know who has access to your data and your apps.
What happens when someone leaves the company? Do they still have access to sensitive information? Did you de-provision them the day they left?
Productiv lets you see all apps that an employee has access to, and easily review admin access to every app. In many cases, you can de-provision directly from Productiv, making the process even simpler. Now you can feel confident that your apps, your data, and your access are all secure.
SaaS is becoming a critical driver for many businesses. The number of applications will likely only increase in the future, and you need to ensure that you are effectively managing risk.
A SaaS management tool like Productiv can help in several critical ways. IT will become a key player in managing this risk and helping the rest of the company. As Sumit Johar, CIO of MobileIron, says, “Although CIOs aren’t involved in buying every service, they still have a responsibility to the overall IT stack cost and risk.”
To learn more about how Productiv can help you manage your risk and security, see How Productiv Works.