Are SaaS to SaaS authorizations your biggest security blind spot?
Data often flows between SaaS platforms without anyone knowing. Find out how to detect unknown SaaS to SaaS authorizations.
What is a SaaS to SaaS authorization?
A few weeks ago, in the post announcing Detexian's new feature for detecting malicious Azure applications, we introduced the idea of SaaS to SaaS authorizations. Based on the feedback to that post, we're now expanding on the topic.
At its most basic, a SaaS to SaaS authorization is a connection from one SaaS solution to another in order to access or manipulate data. This may be as simple as connecting Google Sheets to your Salesforce to do some pivot tables, or as complex as integrating ServiceNow with Notion to update a Kanban board based on cases.
Many of these SaaS platforms support native integration with each other. In the Google Sheets example above, this functionality is built into Google's product and also supported by Salesforce. For many smaller SaaS solutions, native connectivity isn't supported, so the task of integrating them falls to third-party integration and automation engines such as Zapier and Tray.io.
These integrations can be incredibly powerful and bring significant value to an organization by enriching data and unlocking SaaS functionality that is already being paid for. However, as previously mentioned, these integrations can introduce new risks to an organization if:
Business-critical and customer-sensitive data gets copied to a SaaS solution without any visibility or controls applied;
The integration goes through a third-party provider, which may then also have access and authorization to the data.
Business User managed vs IT Administrator managed integrations
In the modern workplace, business teams choose, procure and operate SaaS solutions. Because of this decentralized ownership model, the IT team strongly prefers all SaaS to SaaS integrations to be brokered by a managed middleware platform. This gives them visibility, oversight and the freedom to decouple solutions as the business teams require.
The blind spot for these organizations is the set of SaaS to SaaS integrations that business users authorize themselves, without the involvement of IT or a managed middleware platform. Getting visibility and oversight of these is the best method to reduce or eliminate the risks above.
How can Detexian help?
Detexian can reduce the risks of SaaS to SaaS authorizations made by business users through:
Discovery of current SaaS to SaaS authorizations
Detection of both Business User and IT Administrator authorizations;
Detection of data accessible with each authorization, with excessive access being highlighted and notified;
Continuous monitoring and detection of new authorizations being registered and consented.
Find out how you can detect SaaS to SaaS authorizations in minutes and keep track of changes at all times. Inquire now for a free trial.