Next DLP announced the launch of
Reveal SaaS Access Security to its industry-leading Reveal Platform. This new
functionality marks a significant advancement in addressing the pervasive
challenges of shadow software-as-a-service (SaaS) usage and the associated
risks of sensitive data exposure in today's digital-first business
environments.
Due to the
lack of visibility and control, shadow SaaS heightens the chance of data
leakage and compliance violations as employees may inadvertently leak
confidential data through unapproved cloud applications. Risk is further
amplified with the use of non-corporate or corporate credentials that are then
easily susceptible to compromise. As organizations embrace web applications,
including generative AI tools like ChatGPT, there is a pressing need to gain
comprehensive insights into web app usage to proactively manage and mitigate
data exposure risks.
"In an
era where businesses struggle to gain comprehensive insights into how web apps
are being used by their teams, Reveal SaaS Access Security fills crucial gaps
in the security stack," said John Stringer, Head of Product at Next.
"It not only offers visibility into the expanse of SaaS applications
utilized across an organization but also fortifies defenses against potential
data breaches stemming from business data exposure via unauthorized app
usage."
A study
conducted by Next in January 2024 unveiled a multifaceted security challenge
with SaaS applications. Insiders transferring data to personal online storage
accounted for over 17% of detected exfiltration activities. Additionally, the widespread use of messaging services
(such as WhatsApp, Signal and Facebook) and PDF conversion platforms was
prevalent among users, bringing further focus to potential security
vulnerabilities. These findings further highlight the need for this new
capability, providing organizations with a holistic view of SaaS application
use, whether sanctioned, unsanctioned, or unknown, as well as identity-based
risk.
Key features
of Reveal SaaS Access Security include:
- Holistic
Visibility: A centralized dashboard and inventory offering
detailed insights into SaaS app usage, empowering organizations to
identify and manage sanctioned and unsanctioned web apps, including
emerging generative AI applications, and logins through both corporate and
personal accounts.
- Proactive
Data Exposure Monitoring: Continuous monitoring of data
transfers within SaaS applications facilitates the early detection of data
exposure risks, protecting proprietary company information and
intellectual property.
- Real-time
Risk Mitigation: Real-time controls, including employee education, to
prevent data exfiltration attempts within both sanctioned and unsanctioned
apps enhances the organization's ability to respond swiftly to potential
incidents.
- Compliance
Audit and Reporting: An effective SaaS app inventory demonstrates the
organization has a comprehensive understanding of its software assets and
provides the necessary documentation and evidence to demonstrate
compliance with regulatory requirements during audits.
"Reveal
SaaS Access Security is more than just a feature; it's a strategic tool that
empowers organizations to navigate the complexities of Shadow SaaS with
confidence and precision," said Connie Stack, CEO at Next. "By offering a
unified view of application usage and real-time data protection measures, we
are enabling businesses to safeguard their most valuable assets from the
endpoint to the cloud."
To learn
more about the hidden risks of shadow SaaS, and the results of Next's recent
investigations into exfiltration detections visit https://www.nextdlp.com/resources/blog/impact-of-shadow-saas.