1% users can take down their organization because they account for 75% cloud risk, according to a CISCO study. And this disproportionate risk is consistent across financial services, education, government, manufacturing, retail and other industries.
What these 1% users have in common are privileges to own and share business critical and customer sensitive data.
If you’re an organization relying on SaaS solutions to run business processes, your 1% of users with privileged access to critical SaaS solutions have complete and unrestricted access to sensitive data. This means if they accidentally or purposefully share data access or get their account compromised, the organization's crown jewels will be exposed. There’s no need to second guess where the data is:
Customer contracts and information are stored in sales & marketing solutions such as Salesforce, HubSpot, pipedrive;
Employees generally log in to SaaS solutions using their corporate email addresses and people tend to use the same password for everything, whether for personal or work. It is not inconceivable for hackers to obtain leaked usernames and passwords from the dark web and try them against SaaS solutions a company is known to use. Not to mention there are always internal threats whether malicious or just careless mistakes, that will put your entire organization at risk. Anthony Levandowski’s trade secret extraction from Google before he left is a high-profiled example.
How quickly can you identify users with privileged access to critical SaaS solutions in your organization? Do they have the necessary security protection enabled? How do you keep track of changes over time with people coming and leaving your organization?