Information Technology Blog - - Review: Tightening Your Team’s Cyber Defenses With Torii’s SaaS Management Solution - Information Technology Blog
While most managers enthusiastically believe that adopting SaaS tools paves the way for success, IT managers have a different stance – and rightly so. The widespread use of shadow IT in the organization emerging from unsanctioned SaaS usage is alarming, to say the least.
Of course, unsanctioned SaaS usage is only one type of shadow IT. In fact, shadow IT includes any app or device that’s used in a company without the approval or knowledge of the IT department. But given how easy it is for anyone to sign up for and start using web apps, sometimes with no payment and usually with no client-side installations involved, SaaS is one of the most common and dangerous types of shadow IT.
In addition, SaaS is potentially more vulnerable than other software types, because you have less control over, and visibility into, the software provider’s servers and how the app’s data is transferred and protected. If a server is hacked or a file upload intercepted, all other machines and services connected to the app’s servers are also at risk.
Securing endpoints and shared resources is a lot of work, and when team members connect to apps with their browsers and grant the apps access to sensitive information, it’s difficult for IT departments to even know that these potentially huge security gaps exist – let alone take action against them.
Helping to close these gaps is Torii, a standalone SaaS management tool that helps IT managers improve their companies’ cybersecurity and privacy regulation compliance.
Torii enhances visibility into the company’s SaaS stacks, allows IT managers to proactively control the life cycles of the SaaS apps in use, makes reporting and planning easier, and empowers IT managers to create and automate routine workflows.
Let’s take a closer look at three key ways that Torii’s platform does this.
Run Regular Audits and Ongoing Risk Analyses
With thousands of SaaS apps available online, you need to make sure that your organization doesn’t run the risk of cybersecurity, governance, and compliance issues associated with the apps your team uses to get their jobs done.
Torii collects information about SaaS app usage in your software ecosystem through different sources:
- It starts with web browser extensions that help you track app usage in a privacy-friendly way. It also offers integration with Single Sign On (SSO) identity management platforms such as G-Suite or Okta. This way, when an employee uses these user accounts to sign in to SaaS apps, Torii knows what’s going on.
- Moreover, if you use an enterprise resource planning solution (such as NetSuite), you can automatically import data including credit card statements, invoices, and other transaction records to Torii using API integration.
- However, if you use some other solution or if any information isn’t getting picked up by Torii, you can simply download a CSV file of your organization’s credit card transactions and upload it to the platform.
Within minutes of setting up any or all of these secure data collection channels, Torii will have mapped out your company’s SaaS ecosystem, providing you with several ways to view and act upon relevant information.
Using Torii, you can perform effective risk analyses in your organization’s IT ecosystem and use that information to preemptively mitigate any security risks. When people in your organization sign up for SaaS apps, they’re often asked to grant permissions, so that apps may access your company’s calendars, contacts, or permission to read and send emails in your place.
This can expose your organization to potentially huge security and regulatory threats. But Torii makes it easy for IT managers to see all granted permissions, which helps you secure your organization’s IT ecosystem.
What’s more, Torii’s access management capabilities enable you to make sure that only relevant users can access the apps they need. This helps you keep your important data safe, enforce privacy guidelines, and meet compliance guidelines.
But getting back to the dangers of sharing resources with SaaS apps, it’s important to note that Torii allows you to assess risk levels at a glance, without necessarily drilling down into the details of the permissions granted. Torii does this by assigning risk levels to apps on the basis of the permissions they usually ask for. Torii keeps an updated record of the SaaS market and is capable of automatically assigning a risk level (low, medium or high) to each app in your organization’s stack.
You’ll be able to view the risk level of each app in the “Risk Analysis” reports section.
Although not directly regarding cybersecurity, it’s also worth mentioning that Torii helps you stay informed and better manage your organization’s software stack holistically, in terms of license life cycles and expense planning.
This allows you to keep track of your organization’s app usage and stay on top of budgets.
Cultivate a Culture of Accountability
Torii enables IT managers to easily identify app owners (usually the user who initially registered for the app) by viewing the app icons in the “Owner of” section.
As a result, they can quickly reach out to the right person whenever needed, minimizing the threat of shadow IT. So, for instance, if a user installs a potentially malicious app, the IT department will be able to immediately contact the app owner and prevent a similar scenario from happening in the future.
Assigning an “owner” for each SaaS product helps to associate the product with the team that’s most likely to use it and with the person who can serve as a kind of gatekeeper between the team and IT. And if you need to speak with someone about potentially taking an app out of circulation, or replacing it with one that integrates better with the rest of the company’s stack, for example, then you know who to turn to.
Torii allows you to cancel an employee’s access to specific apps by asking them to voluntarily withdraw their license. Alternately, you can forcefully cancel that user’s app ownership using the built-in, one-click offboarding tool.
This is especially useful in scenarios where the app owner is on long-term leave, is no longer employed by the organization, or doesn’t respond on time.
Additionally, Torii keeps you informed about each user who enters your IT ecosystem by keeping a complete record of three different types of user accounts: past users, current users, and external users.
Create Powerful Automated Workflows
Torii gives you access to powerful alerts and workflow automation tools to help you improve productivity. This includes speeding up SaaS sanctioning tasks and making the onboarding and offboarding processes more efficient and less error-prone.
You may never be able to stop people from using unsanctioned SaaS products, but using Torii’s alerts and processes, you can minimize your response times between app adoption and taking action. For example, you can configure a workflow in a way that whenever a new app is detected in your IT ecosystem, Torii will fire off an alert to the IT manager and a questionnaire about the app to its “owner.”
IT managers can access these features by going to the Automations > Workflows section in the Torii dashboard. They can either use an existing workflow or create a new workflow.
It only takes a couple of minutes to create a workflow in Torii. To get started, you’ll have to choose a trigger:
- New app discovered
- License not in use
- Closed app in use
So, for example, if you choose the “New app discovered” trigger to create an onboarding workflow, you can:
- Send a form to the app owner (i.e. the employee who wants to install the app) that will gather important details about the app.
- Send the app owner an email or Slack notification along with customizable text.
- Send a customizable approval request.
You can customize the onboarding form by modifying the introduction of the form and choosing the information you wish to collect from the app owner. You’ll also be able to share these form submissions with other people such as the accounts department.
You can also automate onboarding and offboarding of employees from specific apps and collections of apps.
These workflows enable you to get instant alerts when a new app is detected by Torii, thereby improving cybersecurity in your software ecosystem.
Conclusion
Shadow IT is a serious threat to your organization, as it makes sensitive data and systems vulnerable to data breaches, without the knowledge of your IT department. Although you can’t eliminate shadow IT, you can take quick action to mitigate risks.
A superior SaaS management solution like Torii can help you deal head-on with the challenges shadow IT poses. It gives you the tools you need to run risk analysis, gain visibility into your organization’s software ecosystem, and automate various SaaS management-related tasks.
The post Review: Tightening Your Team’s Cyber Defenses With Torii’s SaaS Management Solution appeared first on Information Technology Blog.
from Information Technology Blog https://ift.tt/3a7LeiS
via IFTTT
Comments
Post a Comment