Identifying Shadow SaaS Applications

The rate of SaaS adoption makes manual approaches to gaining a credible SaaS asset inventory woefully inadequate and exposes extremely difficult visibility challenges into both known and unknown SaaS applications.

Existing Challenge

As SaaS adoption continues to skyrocket, getting deeper visibility into SaaS apps within the organization, and how SaaS apps are interconnected have become more important than ever.
Without full visibility into the SaaS app landscape and getting the proper security and IT review upfront, numerous risks are introduced:

• Data security: Shadow SaaS can drive unknown attack surface expansion. That’s because shadow SaaS apps have bypassed IT’s typical vetting procedures.
• Compliance: Shadow SaaS also makes organizations vulnerable to non-compliance risks. Regulations like HIPAA and GDPR specify how companies can use, store, or transfer sensitive data.
• Increased costs: Beyond security and compliance concerns, shadow SaaS puts strain on business budgets, having a significant effect on the IT budget.

How Axonius Identifies Shadow SaaS applications

With its comprehensive approach to SaaS management, Axonius discovers all SaaS applications, including sanctioned, unsanctioned, shadow, and unmanaged apps.

Once the information gets fetched into the Axonius platform, the Applications module provides a comprehensive overview of the entire SaaS landscape.

The module’s filtering options provide the ability to break those applications down into the sanctioned and shadow groupings, per their category (use case), assessed risk level of those applications, or compliance frameworks each of those applications adhere to.

Shadow SaaS Review

Using the drop-down list and choosing the unmanaged option in the Application tab, the list is getting filtered to present the shadow applications - either connected via the non-sanctioned identity provider or SSO, or discovered through expense systems adapter data.

You can dive a bit more into the discovery and filter out those applications focusing on one of the categories (i.e., “productivity).

Clicking on any of the applications presented opens up an application profile - a summary of publicly available information on the application, its security and compliance controls, what is the type of encryption enabled, or whether it supports Single Sign-On or multi-factor authentication, and security risk level as assessed by Axonius experts based on all that data.

Below we see a profile of the workflow automation application Zapier. We can review some general information about the app, whether its security policies include Single Sign-On, MFA, bug bounty program, and more.

Worth noting, that view includes a specific count of total and shadow app users for further analysis of potential exposure. We see that the environment has 26 users logged in into Zapier - all connected not via company's default SSO.