Key takeaways from “Modern workplace SaaS risks” webinar
Detexian had the pleasure to host a panel discussion with
Ian Cameron, Executive Manager Cyber Security Strategy & Governance at IAG,
Ashish Rajan, Head of Security & Compliance at PageUp,
Damian Fasciani, Director of Technology at Culture Amp.
The topic of discussion was centered around opportunities and challenges arising from fast-paced SaaS adoption across businesses and industries, and how the role of IT has evolved as a result.
The perspectives from the panelists were notably diverse:
Ian with a long cybersecurity career with multiple regulated entities has seen the transition from on-premise to IaaS / SaaS happen;
Ashish is used to hybrid environments, and in companies developing software to use themselves in addition to using third-party apps;
Damian’s expertise comes from leading technology implementation at born-in-the-cloud companies that “grow at scale and move at pace with SaaS”.
SaaS adoption is a worldwide phenomenon across industries and businesses. Business teams procure and manage SaaS. IT no longer centrally manages technology. In modern workplaces, there is significant diversity with SaaS applications, many of which have unique security models.
“By 2024, 70% of IT organizations will lack the relevant roles, skills and tools to support SaaS-enabled digital transformation” - Gartner.
For SaaS-dependent organisations, it’s become increasingly challenging to answer questions such as:
Who’s got access to which SaaS apps and at what level of privileges?
Is there sensitive data stored in SaaS apps?
Are users sharing data with external parties?
Do users have MFA turned on for their accounts?
The evolving role of IT as trusted advisor
The role of IT teams has significantly evolved in the last 10 years, from maintaining the infrastructure and saying Yes and No to solving business problems as part of adopting new technologies.
In cloud-first organisations, IT teams are trusted advisers and technology consultants, helping business teams to focus on the right things, e.g. identity access management, integrations and data flow between SaaS apps. IT teams need to be able to tell the business the story as to why they’re there and the services they provide, to entice business teams to trust them.
Team-specific SaaS solutions, not centrally managed by IT:
Lack of observability
Lack of privileged access oversight
Manual auditing and compliance
Configuration management across SaaS footprints
Lack of single pane of glass that interrogates security configuration and identifies opportunities for hardening
What the panelist see in Detexian
Ian: “normalised, unified view of SaaS risk posture”, “agility, simplicity” that reduces learning time required to know security configuration of different SaaS solutions and provides insights into what to do when issues are uncovered;
Damian: “replace manual audit of SaaS apps with automation, collecting accurate data to make data-driven decisions at the Risk Committee”;
Ashish: "digitizing asset and identity management for SaaS to replace spreadsheet".
Get started with Detexian's 28 day free trial offer
Detexian is a SaaS security posture management (SSPM) solution. It is a single pane of glass across Office 365, G Suite, Atlassian, Salesforce, and other platforms, which continuously audits users’ SaaS permissions and security configurations.
Detexian eliminates SaaS risk blind spots and gives you peace of mind you need to run a safe IT operation. With Detexian, regulatory compliance is made easy. You can generate audit reports to demonstrate evidence of control effectiveness over time that your auditors and regulators want.
Detexian offers a 28 day obligation-free trial, Get started now.