Veza announced
Veza for SaaS Apps,
a solution to deliver access security and governance across SaaS
applications, including Salesforce, JIRA, Coupa, Netsuite, GitHub,
Gitlab, Slack, and Bitbucket. The solution allows customers to automate
access reviews, find and fix privilege access violations, trim privilege
sprawl, and prevent SaaS misconfigurations. With this solution, Veza
secures the attack surface associated with SaaS apps while enabling
continuous compliance with frameworks like Sarbanes-Oxley, ISO 27001,
SOC 2, and GDPR.
Organizations today maintain an average of 125 different SaaS
applications, costing $1,040 per employee annually, according to
Gartner's 2022 Market Guide for SaaS Management. As SaaS grows in
popularity, security and identity teams are under pressure to manage
security risks associated with the spread of data in these apps.
"SaaS applications are everywhere, holding sensitive data like customer
lists, financials, and employee data. This is a new attack surface for
the threat actors who misuse identity," said Tarun Thakur,
CEO and co-founder of Veza. "Conventional IAM techniques like
authentication are not enough to secure access to data in SaaS apps. We
are excited to introduce Veza for SaaS Apps to help our customers
protect sensitive data against credential theft, malicious attacks and
accidental exposure, putting SaaS access security within reach."
The Veza solution includes integrations to 15 popular SaaS applications,
including Salesforce, JIRA, Confluence, Coupa, Netsuite, GitHub,
Gitlab, Slack, and Bitbucket. Because Veza uses an out-of-band approach
to integrate with apps and systems, customers can integrate in less than
a day, unlocking unprecedented visibility and control in just hours.
"Using Veza, we have been able to achieve end-to-end visibility over
access permissions across our enterprise app stack, including
Salesforce," said Brian Miller, Director, Security Governance, Risk and Compliance at Achieve.
"As our customer base continues to expand, Veza helps us maintain least
privilege over sensitive financial customer data, giving us the
confidence to adopt new apps at lightspeed."
Capabilities of the Veza solution include:
-
Privileged Access Monitoring. Veza alerts security teams when
there are new grants of privileged access and privilege drift in SaaS
apps, such as new local admins in Salesforce. Veza monitors both human
identities and machine identities like service accounts and third-party
integrations.
-
User Access Reviews and Entitlement Certifications. Veza
automates the identity governance and administration process of periodic
access reviews, using workflow rules to route requests for
certification and providing decision-makers with authorization context
to choose the least-permissive role. Veza makes it possible to graduate
from periodic batches to "continuous compliance."
-
SaaS Misconfigurations. Veza monitors SaaS apps for
administrative misconfigurations and policy violations with over 100
pre-built queries to monitor and detect common misconfigurations in
permissions and access controls. For example, Veza alerts the security
team when users have access to sensitive data but do not have MFA
(multi-factor authentication) enabled.
SaaS applications contain sensitive data. Securing the access to this
data in SaaS apps is complicated given the application-specific RBAC
(role-based access control) that grants permissions to humans and
services. Because security teams can't see the reality of who can do
what with data, SaaS apps are vulnerable to privilege sprawl and risky
misconfigurations. The Veza Authorization Platform creates a
comprehensive graph of identity-to-data by ingesting and organizing the
authorization metadata (RBAC) from SaaS apps, cloud providers, data
systems, and identity providers.