SOM vs. CASB vs. IDaaS: The Unique Value of BetterCloud Demonstrated in 10 GIFs
February 7, 2018
7 minute read
“What is BetterCloud?”
“Is BetterCloud a CASB?”
“Is BetterCloud an IDaaS?”
Managing SaaS application environments is complicated. People ask us these questions all the time. But BetterCloud is solving a set of challenges that no other vendor addresses. We’re not a CASB or an IDaaS (in fact, many of our customers use us alongside those solutions). Instead, we’re pioneering a new IT market: SaaS Operations Management, or SOM.
451 Research recently recognized us as a pioneer in the emerging SOM market (read their report here). They’re the second major analyst firm to do so (Gartner was the first; read more on Gartner’s New Cloud Office Management Category here).
What’s SOM, exactly? It addresses the new operational admin and security challenges IT is facing when managing multiple SaaS applications. As SaaS adoption continues to skyrocket, it creates new, unforeseen challenges—and blind spots—for IT.
BetterCloud helps IT create, enforce, and optimize policies to overcome common challenges in SaaS environments, such as repetitive, manual processes; accidental misconfiguration of application settings; massive data sprawl; sensitive data exposure; insider threats, and more.
Here are 10 ways customers are using BetterCloud to enforce policies that help them manage and secure their SaaS applications:
1. Limit the number of super admins allowed in your environment
Super admins are users who have full access to all system administrative controls and features in native SaaS admin consoles. Since these users can access and manipulate every part of your organization’s SaaS applications, it’s vital to keep this number to a minimum. Implementing the principle of least privilege is a security best practice. Each additional user who has super admin privileges presents a multitude of entry points into your environment and more opportunity for dangerous human error.
In this policy, any time a new super administrator is added in Office 365, a ticket is created in Zendesk, and the user is disabled until IT can confirm this person should have this level of privileges.
2. Secure crucial groups privacy settings and lock down sensitive data
A common element of SaaS applications, groups make it possible for collections of people to collaborate and distribute information effectively. However, a simple misconfiguration in the privacy settings can easily lead to sensitive data exposure. This is exactly what happened in July of 2017 when hundreds of prominent companies accidentally exposed PII and private emails because the privacy settings in their Google Groups were set to “Public on the Internet” instead of “Private.” In some SaaS applications, even end users can configure who can post, join, and view messages in a group.
This policy automatically sets up default settings when a new Google Group is created. IT can enforce standard group permission, posting, and membership settings, and automatically revert settings back if they are changed inappropriately.
3. Gain visibility into license usage across applications and reclaim unused licenses
One of the most common blind spots for IT is the inability to track license usage after a user is initially onboarded. Shira Harrison, the IT director at Fullscreen Media, estimates that she saved at least $100,000 in license costs last year by using BetterCloud. In the platform, she can locate licenses in a suspended state and revoke licenses from users who have not logged in to an application in months.
In the user directory, you can view users and all of the connectors for which they have a license. IT can filter by SaaS application and last login, and then revoke unused licenses using Action Engine.
Want to learn more about critical blind spots?
Watch a recording of our popular webinar, The Top 8 Security Blind Spots in Your SaaS Environment.
4. Find who is automatically forwarding emails outside of your domain and disable it
In just a few minutes, a user can set up automatic email forwarding—an action that can result in data loss and compliance violations (see: Automatic Email Forwarding Rule Sent 1,700 Patients’ PHI to Employee’s Personal Account). Even if users prefer a different email program or the convenience of working at home, automatic email forwarding poses a security risk. The best practice is to enforce a policy that detects when a user configures their inbox to be forwarded to another address. It will then remediate the violation by disabling email forwarding and alerting the security team.
Whenever a user enables email forwarding to an account outside of the domain, this policy automatically disables it.
5. Locate publicly shared files and revoke their public sharing links
In SaaS applications like Google, Slack, Dropbox, and Box, users can create public links for files. While collaboration is a major benefit of SaaS applications, public sharing can be dangerous. For example, in Slack, the option to create a public link is enabled by default, and even if the corresponding Slack message is deleted, the file remains publicly accessible. While some files are meant to be public, companies should minimize publicly shared files as much as possible to limit the potential exposure of PII, intellectual property, or other sensitive data. Our customers share approximately 10% of their files publicly (on average).
This policy detects any file shared publicly through Slack and automatically revokes the public sharing link. In addition, IT can receive a Slack notification and send a Slack message to their security team about the file.
Interested in enforcing these policies for your organization?
Sign up for a personalized demo with one of our product experts.
6. Connect multiple instances of SaaS applications
One of the most valuable aspects of BetterCloud is the depth of APIs we use to ingest application information. By providing unparalleled centralization of data and settings, we allow IT to take actions that aren’t available in native admin tools. IT can also automate manual processes and view data across applications in a single interface. Now, with multiple instances of connectors, BetterCloud customers who are spread across several domains, locations, or service providers can assemble all of their data in one cohesive view.
With BetterCloud, customers can now apply best practice security and management policies across multiple instances of SaaS applications.
7. Minimize security risk by ensuring that external users don’t have data access forever
By 2020, 50% of the US workforce will be freelancers. As contractors become increasingly common, IT will have to manage more and more external users who have varying levels of access. BetterCloud allows you to follow the best practice of providing external users with only the privileges they need (and for the limited time they need it).
When a user outside of the domain is added to any group, IT can set up periodic notifications that remind them this external user still has access. IT can also automatically offboard users after a certain number of days.
8. Save time offboarding with Dynamic Fields
BetterCloud’s new Dynamic Fields feature empowers IT to use a “one size fits all” offboarding policy. You can use Dynamic Fields to set up one consolidated policy that will automatically transfer files to the offboarded user’s manager. This functionality can also be used to create more precise tickets in Zendesk or send customized messages that pull in defined fields like a first name, department, title, and much more.
This cross-application offboarding policy takes multiple steps to ensure a user no longer has any access to mission critical SaaS applications. Their crucial data is retained by transferring ownership of their Drive files to their specific manager.
9. Take SaaS Operations Management actions in bulk
One thing we always hear from customers is how many repetitive, manual tasks they have, and how little time they have for valuable project work. According to Spiceworks research, IT pros estimate only 11 percent of their time is spent on IT planning and strategy. Conversely, 40% of IT workers spend at least a quarter of their work week on manual, repetitive tasks. Aside from automation, one of the most common ways BetterCloud customers are eliminating mundane tasks from their work days is through bulk actions. Through a centralized view, BetterCloud customers can take over 150 actions on users, groups, and files across applications.
Customers can perform bulk actions like this one where you remove a group of users from a shared calendar.
10. Declutter your environment by cleaning up empty groups or channels
It’s common for channels or groups to become unused over time, leaving behind a “graveyard” of empty groups. Because they remain open but have zero members, this can cause confusion or hinder productivity. You never want a user to send a vital email to a group that’s no longer in use. Fortunately, BetterCloud allows you to automatically archive groups and channels that are out of date.
This policy ensures that any unused Slack channels are archived. IT can configure alerts for empty channels and then message the channel owner to ask if that specific channel is still needed, wait 30 days, and then automatically archive it.
How can BetterCloud help you in 2018?
Policies put the power back in IT’s hands. For those interested in becoming a BetterCloud customer, sign up for a personalized demo with one of our product experts. And for those that just want to talk IT, join BetterIT, our community of more than 1,900 forward-thinking IT professionals.
