Next DLP (“Next”), a leader in insider risk and data protection, announced the launch of Reveal SaaS Access Security to its industry-leading Reveal Platform. This new functionality marks a significant advancement in addressing the pervasive challenges of shadow software-as-a-service (SaaS) usage and the associated risks of sensitive data exposure in today’s digital-first business environments.
Due to the lack of visibility and control, shadow SaaS heightens the chance of data leakage and compliance violations as employees may inadvertently leak confidential data through unapproved cloud applications. Risk is further amplified with the use of non-corporate or corporate credentials that are then easily susceptible to compromise. As organisations embrace web applications, including generative AI tools like ChatGPT, there is a pressing need to gain comprehensive insights into web app usage to proactively manage and mitigate data exposure risks.
“In an era where businesses struggle to gain comprehensive insights into how web apps are being used by their teams, Reveal SaaS Access Security fills crucial gaps in the security stack,” said John Stringer, Head of Product at Next. “It not only offers visibility into the expanse of SaaS applications utilised across an organisation but also fortifies defences against potential data breaches stemming from business data exposure via unauthorised app usage.”
A study conducted by Next in January 2024 unveiled a multifaceted security challenge with SaaS applications. Insiders transferring data to personal online storage accounted for over 17% of detected exfiltration activities. Additionally, the widespread use of messaging services (such as WhatsApp, Signal and Facebook) and PDF conversion platforms was prevalent among users, bringing further focus to potential security vulnerabilities. These findings further highlight the need for this new capability, providing organisations with a holistic view of SaaS application use, whether sanctioned, unsanctioned, or unknown, as well as identity-based risk.
Key features of Reveal SaaS Access Security include:
Holistic Visibility: A centralised dashboard and inventory offering detailed insights into SaaS app usage, empowering organisations to identify and manage sanctioned and unsanctioned web apps, including emerging generative AI applications, and logins through both corporate and personal accounts.
Proactive Data Exposure Monitoring: Continuous monitoring of data transfers within SaaS applications facilitates the early detection of data exposure risks, protecting proprietary company information and intellectual property.
Real-time Risk Mitigation: Real-time controls, including employee education, to prevent data exfiltration attempts within both sanctioned and unsanctioned apps enhances the organisation’s ability to respond swiftly to potential incidents.
Compliance Audit and Reporting: An effective SaaS app inventory demonstrates the organisation has a comprehensive understanding of its software assets and provides the necessary documentation and evidence to demonstrate compliance with regulatory requirements during audits.
“Reveal SaaS Access Security is more than just a feature; it’s a strategic tool that empowers organisations to navigate the complexities of Shadow SaaS with confidence and precision,” said Connie Stack, CEO at Next. “By offering a unified view of application usage and real-time data protection measures, we are enabling businesses to safeguard their most valuable assets from the endpoint to the cloud.”
To learn more about the hidden risks of shadow SaaS, and the results of Next’s recent investigations into exfiltration detections visit https://www.nextdlp.com/resources/blog/impact-of-shadow-saas.