Skip to content

How BetterCloud Discover Helps IT Know the SaaS Environment

Richard Moy

November 23, 2020

5 minute read

POWEROFDISCOVER_FEATURIMAGE

Over the last few months, we’ve written several times that you can’t secure what you can’t see. And even though many organizations know that they need something that helps IT know the SaaS environment, the “what you can’t see” part of that equation is growing exponentially. Today, companies use an average of 80 SaaS applications, which is a 10x increase since 2015. By 2025, companies estimate that 85% of the apps they use will be SaaS-based.

It’s clear that SaaS dominates the business IT landscape, but it also reemphasizes what we’ve said time and time again: You can’t secure what you can’t see, and there’s a lot more to see now.

It’s also why we’re confident that BetterCloud Discover represents one of the most important product releases in company history. During Altitude 2020, our director of product strategy Peter Bilali explained that this new product offering helps IT know the SaaS environment. He added, “With this launch, BetterCloud becomes the first all-in-one SaaSOps platform that can discover, manage, and secure all of your SaaS applications in one place.”

OK, great. But how does it work? Here are a few GIFs that demonstrate the power of BetterCloud Discover.

Reporting on applications that are granted OAuth access

The Wikipedia definition of OAuth is pretty straightforward. It’s an open standard that allows a user to grant an app access to their information on another website or application, but without providing their password.

For end-users, OAuth makes it insanely easy for end-users to agree to an app’s terms, regardless of the permissions they need to grant. The problem for security folks? It’s insanely easy for end-users to agree to an app’s terms, regardless of the permissions they need to grant.

Since OAuth grants apps access levels to your data, it’s an important method to help IT know the SaaS environment. And in BetterCloud Discover, your Applications dashboard shows you whether an app was discovered by BetterCloud, OAuth, or SSO.

oauth_discovery

In addition to showing you which apps were added to your environment via OAuth, the Status column shows you whether or not an app is sanctioned by IT. Want to take action on an Unsanctioned app discovered by OAuth? Just click on the app’s name in the Application column.

Evaluating potentially risky SaaS applications

Knowing which third-party apps have OAuth access is just one piece of the puzzle. BetterCloud Discover gives you quick access to the specific permissions that each third-party app has been granted.

Take a glance at the GIF below. We were curious to see what types of access that “Booking Calendar” had to this user’s accounts. After clicking Applications -> Google Workspace -> OAuth Apps, all we needed to do was hover over the number under the Permissions column.

risky_saas_applications

Although Booking Calendar only has one user, it’s not hard to figure out that it has access to quite a few things within Google Workspace, including the Calendar and Forms apps, not to mention several scripts. It’s also an Unsanctioned app. Based on this discovery (see what we did there?), an IT administrator would likely take further action on Booking Calendar—and also find an opportunity to re-educate the user on the potential security risks this app introduces to everyone across the organization.

In-depth reporting on departing and high-risk users

Last year, we reported that 62% of respondents to our 2019 State of Insider Threats in the Digital Workplace report felt that their biggest security threat comes from well-meaning but negligent end-users. That poses one important question: How do you identify those users? And more importantly, how do you see which of their apps pose a big risk to your SaaS environment?

The answer is in the GIF below.

high_risk_saas

BetterCloud’s new User 360 view gives you insights into every single application that has access into a particular user’s account. You’ll be able to see what types of data the apps have access to and whether or not they’ve been sanctioned by your IT administrator.

In the example above, IT sanctioned most of this user’s apps. But we still have a few apps marked as New or Unsanctioned, one of which is the incredibly popular Asana. Not only does this present an opportunity to evaluate Asana and mark it as Sanctioned, but it’s a good indicator that IT should conduct a deeper dive into similar apps across the SaaS environment that are in need of review.

Reviewing app usage across helps IT know the SaaS environment

Speaking of reviewing apps, BetterCloud Discover pulls in a lot of details to help IT know the SaaS environment. Here, we’ve decided to take a closer look at Asana after discovering that it was marked as Unsanctioned.

evaluate_saas_apps

Imagine that this was a lesser-known app. Discover reduces the amount of independent research required by pulling in several important details, including:

  • A short company bio
  • Company size and headquarters
  • Discovered date and discovery method
  • Any potentially redundant apps that are currently in use

This is a huge time-saver for IT. It’s an even bigger deal when you have to determine when a less popular app should or should not be sanctioned.

Quickly identify inactive users

Forrester recently released a new report on the growing need for SaaS operations. One thing that stuck out was that for many organizations, SaaS isn’t under or overprovisioned. And that got me thinking: How many SaaS licenses has IT purchased that weren’t necessary?

You probably guessed it, but BetterCloud Discover helps IT know the SaaS environment by identifying inactive users—and finding licenses that you can reprovision.

saas_app_usage

In the GIF above, we want to find users whose last activity in Google Workspace was prior to October 2020. This is a powerful resource for two reasons. First, it gives us an idea of how many licenses we might be able to repurpose. But more importantly, it gives us an easy way to identify users that might be potential security risks if they haven’t been properly offboarded.

You would have assumed many of these simple, but powerful features have already existed to help IT know the SaaS environment. But as many of our customers have told us, these features were a long time coming.

These GIFs just scratch the surface of the power and potential of BetterCloud Discover. Want to learn how Discover can help you secure your entire SaaS environment? Schedule a demo.

Categories

Sign up for our newsletter