Today, mid-sized companies and their CISOs are struggling to handle the growing threat of SaaS security with limited manpower and tight budgets. Now, this may be changing. By focusing on the critical SaaS security needs of these companies, a new approach has emerged that can be launched for $1,500 a year.
If the name Wing Security (Wing) rings a bell, it is probably because earlier this year, they made waves by offering SaaS shadow IT discovery completely for free. Today, Wing is once again aiming to disrupt the SaaS security market by offering a new tier that the company claims to be 'The essential SaaS security level that every company should achieve.'
The new product tier focuses on SaaS shadow IT discovery, automated vendor risk assessments, and the ability to easily perform user access reviews on dozens of critical business applications. Wing also provides the ability to generate compliance-ready access reports that customers can then send to their auditor. The company notes that both vendor risk assessments and access reviews are key factors in achieving ISO 27001 and SOC 2 certifications.
SaaS security must-haves: Discover, Assess, Control
SSPM solutions are purpose-built to help organizations track, manage, and enhance their security posture in the context of SaaS usage. In today's digital landscape, SaaS has become the backbone of modern business operations. Based on research released earlier this year, the average employee uses 28 different SaaS applications, and in mid-size organizations, seven new applications are introduced each month. SSPM typically includes a wide range of capabilities and automated remediations revolving around SaaS application management (e.g., permissions, app-to-app connections, configurations), insider risk management, and even data exposure.
Security-related compliance standards set the bar for security practices, and achieving security compliance is a testament to an organization's commitment to data protection. With SaaS being a dominant part of any organization's supply chain, the following are the baseline requirements for ensuring safe SaaS usage:
A - You know of the SaaS connected to your organization. This is the first and necessary step as you can not secure what you don't know about.
B - You know the levels of permissions given to them and how many employees are using them. This ensures that your SaaS doesn't have excessive access to your critical data and that you recognize the applications most critical to your business.
C - You are able to determine their risk levels. This allows for more knowledgeable remediation actions (e.g., revoke vs. limit).
D - You can control users' access levels. This ensures only necessary users have the necessary access to critical business applications, minimizing potential exposure.
These are the four elements of Wing's newest product tier, and this is not a coincidence:
"We serve hundreds of companies with our Shadow-IT tier, and we studied their SaaS environments and needs." Galit Lubetzky Sharon, CEO of Wing. "With this new product tier, organizations unable to invest in a complete SSPM solution can, at a minimum, meet these base standards of security - Know, assess, control. This is also defined by the common security compliances. This should be achieved by everyone at a no-brainer cost".
Data-driven technology, enhanced by crowd-sourced features
Leveraging their insights into hundreds of SaaS-using companies, Wing crowdsourced and enriched their Reputation-DB, tracking over 280,000 SaaS applications for functionality, finances, compliance, and security history. This massive pool of data is at the core of the company's technology, enabling them to provide insights into applications, their usage patterns across hundreds of companies, and actionable remediation.
Wing's User Access Review feature, within the new product tier:
So what's the catch?
Wing Security is once again taking a product-led approach to SSPM. This basically means that this product tier is meant to provide just enough value to impress you and then leave you wanting more. While you will get your bang for the buck with this new product and will probably be able to check off your SaaS security checkbox for a while, you will eventually need to upgrade to a full SSPM solution if you aim to fully ensure your organization's secure SaaS usage. For many companies not yet using full SSPM solutions, this is a great fit and a way to show value and ROI very quickly. If you're a larger organization, it's likely you will need to upgrade to a full enterprise solution sooner rather than later.