Skip to main content

Review: Tightening Your Team’s Cyber Defenses With Torii’s SaaS Management Solution

Information Technology Blog - - Review: Tightening Your Team’s Cyber Defenses With Torii’s SaaS Management Solution - Information Technology Blog

While most managers enthusiastically believe that adopting SaaS tools paves the way for success, IT managers have a different stance – and rightly so. The widespread use of shadow IT in the organization emerging from unsanctioned SaaS usage is alarming, to say the least.

Of course, unsanctioned SaaS usage is only one type of shadow IT. In fact, shadow IT includes any app or device that’s used in a company without the approval or knowledge of the IT department. But given how easy it is for anyone to sign up for and start using web apps, sometimes with no payment and usually with no client-side installations involved, SaaS is one of the most common and dangerous types of shadow IT.

In addition, SaaS is potentially more vulnerable than other software types, because you have less control over, and visibility into, the software provider’s servers and how the app’s data is transferred and protected. If a server is hacked or a file upload intercepted, all other machines and services connected to the app’s servers are also at risk.

Securing endpoints and shared resources is a lot of work, and when team members connect to apps with their browsers and grant the apps access to sensitive information, it’s difficult for IT departments to even know that these potentially huge security gaps exist – let alone take action against them.

Helping to close these gaps is Torii, a standalone SaaS management tool that helps IT managers improve their companies’ cybersecurity and privacy regulation compliance.

Torii enhances visibility into the company’s SaaS stacks, allows IT managers to proactively control the life cycles of the SaaS apps in use, makes reporting and planning easier, and empowers IT managers to create and automate routine workflows.

Let’s take a closer look at three key ways that Torii’s platform does this.

Run Regular Audits and Ongoing Risk Analyses

With thousands of SaaS apps available online, you need to make sure that your organization doesn’t run the risk of cybersecurity, governance, and compliance issues associated with the apps your team uses to get their jobs done.

Torii collects information about SaaS app usage in your software ecosystem through different sources:

  • It starts with web browser extensions that help you track app usage in a privacy-friendly way. It also offers integration with Single Sign On (SSO) identity management platforms such as G-Suite or Okta. This way, when an employee uses these user accounts to sign in to SaaS apps, Torii knows what’s going on.
  • Moreover, if you use an enterprise resource planning solution (such as NetSuite), you can automatically import data including credit card statements, invoices, and other transaction records to Torii using API integration.
  • However, if you use some other solution or if any information isn’t getting picked up by Torii, you can simply download a CSV file of your organization’s credit card transactions and upload it to the platform.

Within minutes of setting up any or all of these secure data collection channels, Torii will have mapped out your company’s SaaS ecosystem, providing you with several ways to view and act upon relevant information.

Using Torii, you can perform effective risk analyses in your organization’s IT ecosystem and use that information to preemptively mitigate any security risks. When people in your organization sign up for SaaS apps, they’re often asked to grant permissions, so that apps may access your company’s calendars, contacts, or permission to read and send emails in your place.

This can expose your organization to potentially huge security and regulatory threats. But Torii makes it easy for IT managers to see all granted permissions, which helps you secure your organization’s IT ecosystem.

What’s more, Torii’s access management capabilities enable you to make sure that only relevant users can access the apps they need. This helps you keep your important data safe, enforce privacy guidelines, and meet compliance guidelines.

But getting back to the dangers of sharing resources with SaaS apps, it’s important to note that Torii allows you to assess risk levels at a glance, without necessarily drilling down into the details of the permissions granted. Torii does this by assigning risk levels to apps on the basis of the permissions they usually ask for. Torii keeps an updated record of the SaaS market and is capable of automatically assigning a risk level (low, medium or high) to each app in your organization’s stack.

You’ll be able to view the risk level of each app in the “Risk Analysis” reports section.

Although not directly regarding cybersecurity, it’s also worth mentioning that Torii helps you stay informed and better manage your organization’s software stack holistically, in terms of license life cycles and expense planning.

This allows you to keep track of your organization’s app usage and stay on top of budgets.

Cultivate a Culture of Accountability

Torii enables IT managers to easily identify app owners (usually the user who initially registered for the app) by viewing the app icons in the “Owner of” section.

As a result, they can quickly reach out to the right person whenever needed, minimizing the threat of shadow IT. So, for instance, if a user installs a potentially malicious app, the IT department will be able to immediately contact the app owner and prevent a similar scenario from happening in the future.

Assigning an “owner” for each SaaS product helps to associate the product with the team that’s most likely to use it and with the person who can serve as a kind of gatekeeper between the team and IT. And if you need to speak with someone about potentially taking an app out of circulation, or replacing it with one that integrates better with the rest of the company’s stack, for example, then you know who to turn to.

Torii allows you to cancel an employee’s access to specific apps by asking them to voluntarily withdraw their license. Alternately, you can forcefully cancel that user’s app ownership using the built-in, one-click offboarding tool.

This is especially useful in scenarios where the app owner is on long-term leave, is no longer employed by the organization, or doesn’t respond on time.

Additionally, Torii keeps you informed about each user who enters your IT ecosystem by keeping a complete record of three different types of user accounts: past users, current users, and external users.

Create Powerful Automated Workflows

Torii gives you access to powerful alerts and workflow automation tools to help you improve productivity. This includes speeding up SaaS sanctioning tasks and making the onboarding and offboarding processes more efficient and less error-prone.

You may never be able to stop people from using unsanctioned SaaS products, but using Torii’s alerts and processes, you can minimize your response times between app adoption and taking action. For example, you can configure a workflow in a way that whenever a new app is detected in your IT ecosystem, Torii will fire off an alert to the IT manager and a questionnaire about the app to its “owner.”

IT managers can access these features by going to the Automations > Workflows section in the Torii dashboard. They can either use an existing workflow or create a new workflow.

It only takes a couple of minutes to create a workflow in Torii. To get started, you’ll have to choose a trigger:

  • New app discovered
  • License not in use
  • Closed app in use

So, for example, if you choose the “New app discovered” trigger to create an onboarding workflow, you can:

  • Send a form to the app owner (i.e. the employee who wants to install the app) that will gather important details about the app.
  • Send the app owner an email or Slack notification along with customizable text.
  • Send a customizable approval request.

You can customize the onboarding form by modifying the introduction of the form and choosing the information you wish to collect from the app owner. You’ll also be able to share these form submissions with other people such as the accounts department.

You can also automate onboarding and offboarding of employees from specific apps and collections of apps.

These workflows enable you to get instant alerts when a new app is detected by Torii, thereby improving cybersecurity in your software ecosystem.

Conclusion

Shadow IT is a serious threat to your organization, as it makes sensitive data and systems vulnerable to data breaches, without the knowledge of your IT department. Although you can’t eliminate shadow IT, you can take quick action to mitigate risks.

A superior SaaS management solution like Torii can help you deal head-on with the challenges shadow IT poses. It gives you the tools you need to run risk analysis, gain visibility into your organization’s software ecosystem, and automate various SaaS management-related tasks.

The post Review: Tightening Your Team’s Cyber Defenses With Torii’s SaaS Management Solution appeared first on Information Technology Blog.



Udimi - Buy Solo Ads from Information Technology Blog https://ift.tt/3a7LeiS
via IFTTT

Comments

Popular posts from this blog

9 VCs in Madrid and Barcelona discuss the COVID-19 era and look to the future

Spain’s startup ecosystem has two main hubs: Madrid and Barcelona. Most observers place Barcelona first and Madrid second, but the gap appears to close every year. Barcelona has benefitted from attracting expats in search of sun, beach and lifestyle who tend to produce more internationally minded startups. Madrid’s startups have predominantly been Spain or Latin America-focused, but have become increasingly international in nature. Although not part of this survey, we expect Valencia to join next year, as city authorities have been going all-out to attract entrepreneurs and investors. The overall Spanish ecosystem is generally less mature than those in the U.K., France, Sweden and Germany, but it has been improving at a fast clip. More recently, entrepreneurs in Spain have moved away from emulating success in pursuit of innovative technologies. Following the financial crisis, the Spanish government supported the creation of startups with the launch of FOND-ICO GLOBAL, a €1.5 billi...

How to Stay Creative and Keep SEO in Mind

Information Technology Blog - - How to Stay Creative and Keep SEO in Mind - Information Technology Blog Search engine optimization (SEO) refers to customizing your website’s content to ensure that web browsers give your website a high SEO score. The sites with the highest SEO scores are featured on the search engine’s first page of search results for relevant searches.  71%  of the click-throughs happen with articles listed on the first page of results on the search engine. This means that if your website’s article is the second (or third, or fourth page), it’s less likely the search user will even see your article. You want your article to be ranking as close to the top of the first page of results as possible. In order to have a good SEO score your site’s content needs to feature keywords and relevant phrases. It must be optimized for easy navigation between pages. It also needs to be referenced via external links that drive traffic to your site. Incorporating all of t...

Everything we know about HHS Protect, a secretive government project with Peter Thiel's Palantir that helps brief Trump's coronavirus task force

A secretive project at the US Department of Health and Human Services is working with technology companies to collect and analyze data related to the novel coronavirus .  Dubbed "HHS Protect," the effort tracks information from around the country about coronavirus case numbers, hospital capacity, and even supply chain issues.  HHS uses Palantir Technologies , a data firm cofounded by Peter Thiel, to distill that information for the White House coronavirus task force. Visit Business Insider's homepage for more stories . A secretive project at the US Department of Health and Human Services is working with technology companies to collect and analyze data related to the novel coronavirus.  Dubbed "HHS Protect," the effort includes roughly 2.5 billion pieces of data from healthcare providers, government officials, and labs around the country about coronavirus case numbers, hospital capacity, and even supply chain issues.  The goal is learn about the progress...