Eliminating SaaS Shadow IT is Now Available via a Self-Service Product, Free of Charge

We Keep you Connected

Eliminating SaaS Shadow IT is Now Available via a Self-Service Product, Free of Charge

The use of software as a service (SaaS) is experiencing rapid growth and shows no signs of slowing down. Its decentralized and easy-to-use nature is beneficial for increasing employee productivity, but it also poses many security and IT challenges. Keeping track of all the SaaS applications that have been granted access to an organization’s data is a difficult task. Understanding the risks that SaaS applications pose is just as important, but it can be challenging to secure what cannot be seen.
Many organizations have implemented access management solutions, but these are limited in visibility to only pre-approved applications. The average medium-sized organization has hundreds, and sometimes thousands, of SaaS applications that have been adopted by employees who needed a quick and easy solution or found a free version, completely bypassing IT and security. This leads to a significant risk as many of these applications do not have the necessary security and/or compliance standards and yet, they have permissions into the organization.

The risks associated with SaaS Shadow IT have become more prevalent in recent years due to the widespread use of SaaS within organizations. However, many of the security solutions that were available in the past focused on making security teams aware of the problem, rather than providing in-product or automated remediation capabilities. Indeed, the first step in addressing SaaS-related risks is to have a clear understanding of the SaaS stack in use within the organization. This information should be easily accessible and just as simple to navigate as the SaaS applications themselves.
To help security teams gain proper visibility and understanding of the risks associated with the growing use of SaaS, Wing Security (Wing) has decided to offer its SaaS Discovery tool as a free, self-service product, as can be seen here. The company aims to provide security teams with a comprehensive view and better understanding of the SaaS applications used within their organization, regardless of their size or the size of their budget.
Understanding that modern security solutions should not be intrusive in any way is at the core of Wing Security’s new offering. To map out an organization’s use of SaaS applications, Wing connects to major, IT-approved SaaS applications using APIs. These are applications that are commonly used in almost every environment, such as Google, Office 365, Salesforce, GitHub, and Slack, to name a few.
Wing is then able to map out all the SaaS applications that are connected to these applications and the ones connected to them. SaaS applications are interconnected in a giant mesh, creating a “shadow network” of connections. This shadow network is used by Wing to map out applications, but it can also be a security concern as it can be used for lateral movement within the organization. In its full enterprise offering, Wing also maps out all the users who use these applications, the data that resides in and between these applications, and provides near-real-time security alerts when an application in use is compromised.
Keeping in tune with Wing Security’s non-intrusive Discovery, the Wing Security Free edition requires very basic permissions which can be granted by the organization’s super admin.
Most of the required permissions are read-only. There is one permission within Google that requires a ‘manage’ access, asked in order for Wing to provide visibility into the tokens that users issued to 3rd party apps. Wing Security mentions on the relevant product page that keeping the customers’ data safe is a priority and provides the compliances they have in place for data security.
While the term SaaS traditionally stood for Software as a Service, not all SaaS these days is always paid for as use of the word ‘Service’ might imply. There are 3 types of common SaaS used these days:
While these are the 3 main types of SaaS applications, they are more like markers on a spectrum. SaaS applications regularly move up and down this spectrum as the companies grow and evolve. But as long as these applications are logged into using the organization’s email, they’ll be discovered by Wing Security Free Discovery.
Wing Security’s paid version is called the Wing Security Enterprise edition, which includes everything from the Free edition, as well as:
In summary, Wing Security’s new tool addresses the growing use of SaaS and the security and IT challenges it poses, by tracking the SaaS applications that have been granted access to an organization’s data. The free edition includes a quick and easy self-onboarding process, a friendly dashboard view of the SaaS applications in use, risky applications notice, compliance and permissions information, and a reputation score for each application. The tool uses a non-intrusive method, connecting to major IT-approved SaaS applications using APIs, to map out an organization’s use of SaaS applications without causing any disruption.
For more information on Wing Security’s new Free SaaS Discovery solution, click here.
Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.