Discover How Security and IT Teams Can Save Money by Identifying SaaS-Shadow IT

On March 4, 2023, Wing Security, a SaaS Security Posture Management (SSPM) company, made waves with the launch of its free SaaS-Shadow IT discovery solution. The self-service product operates on a “freemium” model and offers cloud-based companies insight into their employees’ SaaS usage. Within the first few weeks of launching, over 200 companies enrolled in the free discovery tool.

Wing recently released a short report on the findings from hundreds of companies that unveiled SaaS usage, and the numbers are unsettling. In 71.4% of companies, employees use an average of 2.4 SaaS applications that have been breached in the past three months. On average, 58% of SaaS applications are used by only one employee and a quarter of organizations’ SaaS users are external.

The risks associated with SaaS usage can be categorized into three different types: applications related, users related, and data related. Applications related risks include risky applications with a low security score and applications that have recently been compromised but have permissions into the organization’s data. Users related risks include granting excessive permissions and user inconsistencies. Data related risks include sensitive files being shared on applications that are not meant for file sharing, secrets shared on public channels, and massive amounts of files being shared externally and then forgotten about.

It is crucial for organizations to have visibility into their employees’ SaaS usage to make informed decisions and take remedial actions to mitigate these risks. In 2023, the expectation is that basic SaaS-Shadow IT discovery should no longer come at a cost, as it should be a fundamental commodity for organizations aiming to secure their SaaS environment.