Software program-as-a-service (SaaS) has emerged as a pan-industry power by nearly every estimation. While data from Gartner indicates that SaaS formed the majority ($123 billion) of cloud end-user spending ($332 billion) last year, SaaS has been defying several business slowdown trends.
But the widespread use of SaaS and accessibility made possible by the broader cloud movement have created a monster known as SaaS sprawl, with some businesses accessing as many as 200 applications through the browser. Such statistics are encouraging for any burgeoning SaaS firm, but they also pose important safety concerns for organizations that use the software. How can these organizations meet the standard and ensure that their employees are practising strong safety hygiene?
Push Security, a London-based company, is working to address this issue by providing workers with a platform that allows them to use any SaaS apps they like for their authorized employment without sacrificing basic safety standards.
The way it works
Connecting Push Security to Office 365 or Google Workspace is required for the initial setup. This imports the company's employee profiles and evaluates each one's safety status.
Push then asks users to install a browser extension, which helps determine the scope of a company's SaaS sprawl and potential security issues.
Managers or IT staff can view all SaaS throughout the company and the number of clients on a dashboard. This data may be displayed in individual employee dashboards, showing precisely which SaaS are being used and the browsers being used to access them. It can also highlight instances where employees use the same password across various companies.
Push can set up any third-party integrations, extensions, and bots that staff members have enabled in these applications, as well as all SaaS apps and related security points, such as weak or repetitive username and password logins.
Push can guide users through necessary security procedures like setting up two-factor authentication (2FA), prompting them to change their passwords, or asking them to activate specific security settings inside an app using chatbot-style prompts that can be integrated into communication tools like Slack.
Shadow IT
Push is attempting to solve the primary issue of "shadow IT," which is when employees utilize software and tools without explicit IT approval. This is a practice that has gotten much easier in the SaaS world.
Since employees will join almost any software, it has become much more difficult for IT and security organizations to assess and examine each piece of software they need to use to complete their job. And most of the time, it is done with good intentions. For instance, an employee may only need to try out a SaaS program before persuading higher-ups that it is worthwhile to invest in. However, when they voluntarily try this, it usually results in weak passwords and a failure to activate any safety features comparable to 2FA.
In practice, this could imply that marketing teams experimenting with third-party social media management tools could unintentionally endanger the company's Twitter and Facebook accounts, or administrators could dabble with mobile device administration(MDM) software and open the door for hackers to spread malware to mobile devices used by the workforce.
While it is true that businesses can take some steps to prevent this by having rigorous IT regulations and monitoring, these measures are not always effective and are by no means foolproof.
Although there are other shadow IT discovery tools on the market, they often focus on providing IT and security departments with the knowledge they need to restrict SaaS usage. Push is intended to improve and secure SaaS consumption.
The story so far
The three co-founders are all alumni of MWR Infosecurity, a different security company that F-Safe purchased four years ago for $106 million. About 18 months later, the trio established Push Security without having a specific concept in mind; instead, the idea was to decide what problem they would address after conducting market research. Additionally, they soft-launched an MVP and invited people to an early admission preview in March last year.
They started trying to raise funds in August of last year, and they were only able to announce the closing of a $4 million seed round of fundraising at this time, along with the platform's completeness.
In their previous roles, the founders were well-versed in providing security assistance and services to some of the largest corporations in the world. With Push, however, the focus is on bringing the kind of user-centric security that larger corporations are already implementing internally to smaller businesses. Despite being forbidden from disclosing the names of any of its early clients, he did mention that it was collaborating with businesses in the fintech, security, insurance, pharmaceutical, and retail sectors, among others.
