Savvy Launches Identity-First Security OfferingSavvy Launches Identity-First Security Offering to Combat Toxic Combinations Driving SaaS RiskResearch Reveals Rapidly Expanding Identity-related Attack Surfaces in OrganizationsSavvy announced its Identity-First Security offering that uncovers risks created by a toxic combination of identity access management permissions, user behavior, and business context. Individually, these elements may appear benign, but together pose extreme organizational risk that can lead to data breaches, financial loss, compliance violations and brand damage. Armed with comprehensive visibility into SaaS applications, as well as associated user and app identities, security teams can now discover and remediate the most egregious identity risks in real time. Rapidly growing SaaS adoption and associated risks require a significantly different and deeper level of visibility and control than exists today. According to Stratecast and Frost & Sullivan, 80% of employees adopt SaaS apps without IT approval, which creates unbridled associated user and app identity risks that overwhelm traditional security processes and solutions. “Enterprise SaaS growth is empowering employees to be more productive, but is also allowing identity risks to grow unfettered because businesses have little-to-no visibility or control,” said Guy Guzner, CEO of Savvy. “Our platform helps organizations safely embrace all the benefits of SaaS by discovering the most damaging identity risks and then using our automation playbooks and just-in-time security guardrails to guide users at scale towards proper identity hygiene.” Savvy’s research revealed 400% more shadow SaaS apps than federated apps, and, of those, 60% of employees used weak, reused or compromised passwords. Savvy also found that over 35% of employees access federated SaaS apps directly, bypassing SSO and multi-factor authentication. In every organization analyzed, incomplete offboarding of app identities with access to sensitive data were discovered, a finding that has wide-ranging implications for regulatory compliance requirements. “Savvy’s free assessment revealed identities of former employees that I believed were offboarded but still had access to SaaS apps containing sensitive company information,” said Andrew Wilder, retained CISO and advisor for multiple organizations. “The offering allowed me to more effectively offboard users and properly maintain compliance. It also opened my eyes to just how many shadow identities existed across our organization due to third-party software.” Savvy’s Identity-First Security offering allows companies to identify the toxic combinations of identity risk including rogue administrators, compromised accounts, shadow identities, lack of multi-factor authentication, shared accounts, incomplete offboarding, direct sign-in vs. single sign-on, or risky and shared credentials. Once the platform provides visibility into an organization's SaaS security posture, its automation playbooks power interactive just-in-time security guardrails that guide users to resolve issues before they become an incident, reducing workload for security teams. Source: Savvy media announcement |