Here’s What We Found in One Customer’s SaaS Environment That Caused Their IT Director to Say “Nooooo”
June 4, 2018
4 minute read
“I showed this to my director. He shook his head, shut his computer, and walked away.”
That was what the IT manager at a midsize media company said when we found that they had 36,000 Dropbox files shared publicly. Given that this media company has reported on several prominent data breaches, losing their own sensitive data could have been a detrimental blow to their brand.
Over the last few months at BetterCloud, we’ve uncovered many blind spots like this during dozens of implementation meetings with new customers. Blind spots are areas where IT has no visibility, and they often create risks IT had no idea even existed. As a result of widespread adoption of SaaS applications like Dropbox, Slack, and Google, the volume of user activity has increased exponentially. While users reap the benefits of enhanced collaboration, IT is left trying to control the proliferation of data and users’ access to it. Without proper controls, IT has no way to visualize and manage files, configurations, and settings across applications. This is creating blind spots that lie undiscovered below the surface, waiting like a dormant volcano to erupt.
Below are four stories from recent customer implementation meetings. Using BetterCloud, we detected multiple hazardous blind spots in each company’s SaaS environments. Here’s what we found and how we remediated it.
Note: Given the sensitive nature of data security and privacy, we have removed the company names to protect our customers’ information. No other details have been changed.
1. An exec forwarding all his emails to a personal account
For the company we mentioned above, the security blind spots we surfaced didn’t stop there. Over 10% of this company’s users were forwarding their emails to a personal account.
The worst offender of all was their head of operations, who had set up filters to forward everything to his personal account. Not all email forwarding is nefarious, but once corporate emails leave the perimeter, IT can no longer secure them. The content in emails received by an executive (like the head of operations) is also more likely to contain sensitive information, making email forwarding policies essential. Using BetterCloud, they were able to enforce a policy that prevented users from forwarding their email, and also change the settings in bulk for those 36,000 publicly exposed Dropbox files.
2. A Google Group named Payroll that allowed external people to join
During an implementation meeting with a fast-growing real estate company, we made a startling discovery: People outside the company could join their Payroll group. When we told the IT manager this, his reaction was: “Nooooo.”
His team was preparing for an IPO and needed to clean up their SaaS environment (G Suite, Dropbox, Slack, Microsoft Office 365, Zendesk, Salesforce) to pass upcoming audits. Like many other fast-growing companies, the IT team had been so bogged down with onboarding new team members that SaaS security had taken a back seat. Across their environment, we found blind spots symptomatic of a hyper-growth company: hundreds of users forwarding their emails, dozens of super admins, and hundreds of empty groups and channels.
One of our most alarming discoveries was that six of their super admins were no longer even with the company. These are people who could quickly access privileged information and make changes that could endanger settings and data. Using BetterCloud, they remediated each of these issues and set up policies that would keep them secure moving forward. They were also able to automate their onboarding process and give users access to the correct apps and settings from day one, which allowed them to shift their focus to strategic projects.
3. 1,000+ suspended users still being charged for G Suite licenses
Another customer, a well-known enterprise tech company, couldn’t figure out a solution to a widespread challenge: retaining important data when a user is offboarded.
Without a way to preserve the essential emails, files, and calendars from a former employee, IT cannot confidently offboard the user. Many companies simply keep those ex-employees in a suspended state in case IT needs to access their data after they leave. The downside to this method is that a standard G Suite license costs $120/user/year, even for suspended users. While this company was aware that suspending the user was the last step in their offboarding process, they didn’t realize just how many suspended users had accumulated over time.
When our team dug in, we found 1,300 suspended users in their environment, equating to roughly $156,000 in wasted spend per year. Using BetterCloud, they were able to construct an offboarding policy that automatically transfers a user’s crucial data to their manager or a data retention account before they are deleted. This allows their IT team to fully revoke a user’s licenses, saving them over $150,000 each year in license costs.
4. Executive assistants with super admin access
It’s a story that’s ubiquitous in many digital workplaces: IT has no capability to customize admin functionality, so they have no choice but to give low-level users full super admin access for simple tasks.
This was the case for one customer we recently met with. All of their executive assistants were super admins in order to manage executive calendars and conference rooms.
Using BetterCloud, this fast-growing analytics company was able to build out customized admin roles for each user’s position. Instead of having all of the keys to the kingdom, the executive assistants and help desk team now have the precise level of privileges needed to manage calendars or add users to groups.
After fixing their super admin issue, this customer was alarmed by a second major blind spot. In both Dropbox and Box, we unearthed several sensitive documents with external sharing links: offer letters, equity agreements, contract reviews, and more. When we traced the file path of the contract reviews, we found that they were in a publicly exposed accounting folder. Their IT director expressed it best: “We gotta kill those public links immediately.”
Get your free security consultation
These four stories are just a sample of the blind spots we’re identifying for our customers. While most companies probably won’t experience a massive, newsworthy breach tomorrow, it’s likely their SaaS environments aren’t 100% secure either. They fall somewhere in between.
To see where you fall along the security spectrum, we’re now offering a free security consultation of your environment — something previously only available to customers. In this session, we will detect blind spots in your environment, uncover potential security threats and compliance violations, and offer solutions to address them.
